Skip to content

Talking with my own friends, family and business connections, I understand that Cyber Security has the reputation of being a mystical domain, populated by technical geniuses, who speak a different language, liberally dispersed with acronyms, that excludes a number of business people, and a range of others with a personal digital footprint. Whilst it’s true that the highly technical IT work that secure our computers, Wi-Fi networks and Apps is obviously of great importance, and requires significant expertise, it is not an area where we, as general users, have much control or influence over, aside from running our system updates.

Thus, a lot of people, maybe even you, do not engage in strengthening their Cyber Security position, which, from my personal perspective, is a problem.

Cyber-attacks have been growing over the last few years, and the resulting damage they cause, are in fact a real, increasingly widespread and ongoing threat for nearly everyone in these modern times. A significant number of these attacks originate from criminal entities looking for opportunities to increase their revenue streams by targeting our interconnected, digitally enabled ‘Online’ lives. 

The method used in the attacks can look to exploit vulnerabilities in software (computer code) which supports our Applications or the hardware (peripheral interfaces, hard drives, processor boards etc.) that allow our computers to operate, but, a large percentage of these attacks look to avoid any interaction with technical control measures, but will instead aim to ‘hack’ human psychology and have you, the data owner, provide them with your username and passwords, by sending you a really interesting  message on email, text, social media message or even a phone call, containing a link for you to update your details. 

So, what steps can we take to protect our families and livelihoods? My own view is that we should each look to invest a little time to understand the basics of how the Cyber criminals can attacks us, and take the personal responsibility to educate ourselves on the very simple steps we can take to stop them.  The excellent, and free, advice from the National Cyber Security Centre and Cyber Scotland Partnership, use plain and easily understandable language, which explains Phishing, Vishing, Malware, Ransomware and host of other attack methods. Of greater use are the explanation on the basic steps we can take to strengthen our own individual Cyber Security position, such as creating strong passwords, regularly backing up our data, enabling 2 Factor Authentication (2FA: like chip and PIN on a bank card) on our accounts. These steps are equally applicable in both our private and professional lives.

My recommendation would be to firstly follow as many of the National Cyber Security Centre’s guidance points as possible, whilst also applying a large level of caution on any email, text messages or phone calls that you receive which ask you for any personal details, including usernames or passwords.  If you are in any doubt, do not engage with the message or caller, but instead consider contacting your service provider directly to check if the request is a legitimate one.  Additionally, be vigilant on both your social media security settings (who can see your information, posts and contacts?) and the information you post there. Your family, or pet’s, name and birthdays, or other personal favourites information, could be used by criminals to create that interesting email link you might be enticed into connecting with.  

And finally, make use of the expert advice available from the NCSC and SBRC websites to determine where you might need to focus your efforts in further protecting your assets.  It usually costs much less time, money and effort to apply the appropriate security and resiliency measures to prevent an attack, than it does to suffer from one and then have to recover.

Good luck on your own Cyber Security journey.

About David

David Doran has been ScottishPower’s Security Director for over seven years, with responsibility for Cyber and Physical Security as well as Data Protection, Fire Safety and Business Continuity.

David’s previous experience has included significant roles in airport and manufacturing supply-chain management as well as service with Strathclyde Police. David has been a member of the SBRC board since October 2015.