This alert is based on observations from previous timings of high impact ransomware attacks that have occurred over holiday periods, rather than a reaction to specific threat reporting.
Cyber criminals have historically viewed holiday periods as a preferred opportunity to launch cyber-attacks, such as Ransomware, due to scaled down staff levels or indeed all staff being away from the work place.
Should your organisation be closed for the duration or having scaled down staff over the forth coming public holiday weekend, we would like to issue a cyber security reminder for you and your staff, to remain vigilant and take appropriate precautions to reduce risks from cyberattacks leading up to, during and following the public holiday weekend.
We would also like to urge IT professionals to prepare and remain alert, over the upcoming holiday period, and report any suspicious cyber activity.
Ransomware continues to be a national security threat and a critical challenge however, there are actions that organisations can take to proactively reduce their risk to cyberattacks.
The NCSC have produced this easy to follow infographic, 10 Steps to Cyber Security and we would ask you to share this within your organisation.
Cyber-attacks are commonly experienced as a result of Phishing emails. Phishing can be conducted via a text message (Smishing), social media, or by phone (Vishing), but the term ‘phishing’ is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly, instantaneously and hide amongst the huge number of genuine emails that are received, waiting for the unsuspecting recipient to click on a link to a fake website or download a corrupt file.
Phishing emails can be received by individuals and organisations of any size and type. Your organisation might get caught up in a mass campaign (where the attacker is just looking to collect some new passwords or make some easy money), or it could be the first step in a targeted attack against your organisation, where the aim could be something much more specific, like the theft of sensitive data. This link provides valuable guidance on Phishing attacks: defending your organisation.
Among protective mitigations, is the need for organisations to identify IT security employees for weekends and holiday cover, who would be available to provide IT support during such an event to provide the necessary support, resilience and recovery as part of your Incident Response Plan.
Developing a plan
A Cyber Incident Response Plan is a set of instructions that are designed to help you prepare, detect, respond and recover from cyber incidents. Having a plan will outline the recovery process, so that everyone knows what is required of them during an incident. Each department in your organisation should understand the incident response procedure. The Cyber Scotland Partnership have developed this free Cyber Incident Response Pack which is an easy-to-follow guide to setting up a cyber incident response plan for your organisation. It has checklists, action plans, and template documents that you can use today and this will help you identify and prioritise your organisations most valuable assets with links to advice to keep them secure.
Regular back-ups
As alluded to, Ransomware is a growing cyber security threat, and one which could affect any organisation that does not have appropriate defences in place. Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. You should perform a regular back-up of your systems and data, which will enable quick restoration of business functions. Importantly, having offline versions of your backups is your best defence, as you can wipe any encrypted devices and restore from your offline back up. Read the NCSC’s blog on offline backups for more advice and how to defend your organisation from potential malware and ransomware attacks.
Keep all software up to date
Electronic devices can hold personal or financial data so it’s important to make sure you secure these devices with strong passwords and update the software regularly. You should always install the latest software updates to protect your devices from vulnerabilities, so take some time to review security settings on all your devices to ensure they are as up to date as possible. If you have received an email which you’re not quite sure about, this link will provide you with guidance and the confidence to deal with it Report a scam email and how to forward it to report@phishing.gov.uk
If you have been a victim of crime, and it is not an ongoing emergency, you can report this to Police Scotland on 101.
This alert was provided for your information by Police Scotland Cybercrime Harm Prevention Team.