Organisations can now access a free helpline for support and are being given the chance to assess how cyber resilient they are
Cyber security support for charities in Scotland is being stepped up.
The Scottish Business Resilience Centre (SBRC) in partnership with Scottish Government and Police Scotland has launched the UK’s first cyber incident response helpline.
The free helpline for the voluntary sector and small/medium sized businesses will help victims of cybercrime understand what support is immediately available to them and assist them with recovery.
Since Covid-19 restrictions came into force in March, many organisations have dealt with a sudden increased dependence on technology to support remote working, placing unexpected demands on their cyber defences.
This has resulted in a corresponding rise in cyber incidences for businesses, either through deliberate targeting by cyber criminals or accidental events with unintended consequences.
The free helpline will help organisations confirm they have been the victim of an attack and, if so, provide expert guidance to get them back to secure operations. Organisations who are concerned about their security in general can also get in touch to confirm they have the right processes in place.
Mark Cunningham-Dickie, SBRC’s newly appointed cyber incident and response manager, will manage the helpline and serve as callers’ first point of contact, filtering calls to other security experts as required. He said: “There are many ways a business can experience a security incident, with different levels of complexity. Whether a cyber incident occurs through deliberate targeting or human error, the end result is the same: a disruptive effect on business operations.”
And organisations are also being given the chance to discover how resilient they are to cyber attacks. The Scottish Business Resilience Centre has won a tender from the Scottish Government to launch and deliver the National Cyber Security Centre’s Exercise in a Box to small businesses and charities in Scotland.
More than 250 organisations – from those in the Highlands and Islands all the way to the Borders – will be able to discover how resilient they are to cyberattacks and test their response in a safe environment, without worry about repercussion to their business.
The Exercise in a Box toolkit, created by the National Cyber Security Centre, provides a set of training tools to allow organisations to test their preparedness to the most common cyber attacks, and record and learn lessons from the exercising sessions.
The nine-month programme will be run by the SBRC’s cyber team with input from Police Scotland and other stakeholders. Organisations will be able to participate in the programme through a blended model of tabletop meetings and online sessions. Participants will gain a range of skills allowing them to continue refining their cyber resilience policies in their own time.
Deputy First Minister John Swinney said: “Despite constant improvements in technology, cybercrime rates show no signs of slowing. Criminals have no qualms in exploiting vulnerable people or situations and it is really important to prepare for the most common cyber attacks. The NCSC Exercise in a Box toolkit will help organisations in the public, private and third sectors ensure they are as resilient as possible.”
A webinar was held earlier this month for charities to learn more about cyber resilience.
Keeping your charity safe online saw staff from OSCR: Alison Stone, cyber coordinator at the Scottish Council for Voluntary Organisations (SCVO); and Kirstie Steele, cyber resilience community lead at the Scottish Business Resilience Centre (SBRC) provide a review of the most common types of cyber-crime and fraud along with providing plenty of practical advice for you and your charity on how to protect against these.
OSCR has said it is vital that charities seek support around cyber security, and report any breaches.
A spokeswoman said: “Cyber crime is on the rise as more organisations than ever are using digital methods of operating which create more opportunities for cyber-criminals. It is essential that charities protect themselves against potential cyber-attacks and take the necessary steps when incidents do occur. Protecting the charity is part of the duties of charity trustees to act in the interests of the charity and to safeguard its assets which include the charity’s records and information as well as money.
“If you are hacked, don’t panic and get advice. The incident line can provide support and advice to minimise the impact and take appropriate action. You should raise a notifiable event with OSCR and tell us what happened and from this we can then work with partners to protect the sector.
“There are many tools out there to support charities on their cyber resilience journey, so please check out guidance from OSCR and organisations such as SCVO to find sources of help and advice if you need to be better protected.”