CyberScotland Bulletin

NCSC Cyber Aware Campaign aims to help keep online shoppers more secure

The National Cyber Security Centre (NCSC), with support from DCMS, the Home Office and the Police, have relaunched the Cyber Aware campaign to encourage the public to shop online securely in the run-up to Christmas. This comes as new figures revealed victims of online shopping scams lost on average £1,000 per person in the same period last year.

The key messages of the campaign are:

• Protect your accounts: use three random word passwords and set up 2-step verification for your email
• Check before you buy: Research online retailers to check they’re legitimate. Read feedback from people or organisations that you trust, such as consumer websites.
• Report suspicious activity: users can report suspicious emails, texts and websites.

You can support the campaign by sharing posts from the NCSC Twitter and LinkedIn channels

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

Scams to watch out for this holiday season

At this time of year, people will be expecting genuine parcels to be delivered so there is a higher chance of these parcel updates being opened and links being clicked within emails or messages. Criminals may claim to be from well-known delivery providers such as Royal Mail, Evri, DPD and more, requesting payment due to a failed delivery attempt or asking you to provide personal or financial details. Consumer company Which? explains how scammers attempt to steal your personal details by impersonating the Post Office.

Be on the lookout for ‘too good to be true’ offers and discounts when shopping online. Whether you are booking your next summer holiday, buying the latest tech gadget, donating to charity, or purchasing a concert ticket, make sure to check before you buy and use secure methods of payment to stay ahead of the threat.

Spotting scam emails is becoming increasingly difficult. However, there are some tricks that criminals will use to try and get you to respond without thinking. The NCSC has advice on how to spot the most obvious signs of a scam, and what to do if you’ve already responded. If you have received an email which you’re not quite sure about, forward it to report@phishing.gov.uk

Trading Standards Scotland has compiled a list of A-Z common scams that consumers should be aware of this winter. Each day in December they will focus on a different scam. By being aware of the types of scams circulating during this time, you can protect yourself from falling victim.

Scottish organisations to prepare your incident response plan

Organisations should take appropriate precautions to reduce their risk of falling victim to cyber-attacks leading up to and during the holiday season. Malicious cyber actors have often taken advantage of holidays and weekends to attack and disrupt critical networks and systems belonging to organisations, businesses, and critical infrastructure.

At this time of year, organisations will start to close and will be running with a heavily reduced staff count which can make organisations vulnerable. It’s important for staff to beware of phishing emails which try to trick you into clicking on links, requesting you update bank account information or make invoice payments and requests.

It’s important to review your business continuity plan and know where you can seek advice and support should you need it.

Our Cyber Incident Response Pack provides you with practical advice on handling a cyber incident. The pack includes a Prepare Your Business Checklist, Emergency Contact List Template to help centralise important contact information, and advisory pieces on reputation management and legal considerations to help you plan your response.

SBRC’s free Cyber Incident Response Helpline (0800 167 623), can support organisations who believe they may have fallen victim to a cyber attack and need urgent advice.

CyberScotland Podcasts

CyberScotland Partnership has released its first episode in its new podcast series. The CyberScotland Podcast series features guests from across the Scottish cyber security industry and will cover a range of cyber resilience topics including incident response, skills and good cyber practice for individuals.

In the first episode, we look to answer the question – what is the CyberScotland Partnership? Our first guest, Keith McDevitt, Cyber Integrator at the Scottish Government, was instrumental in getting CyberScotland off the ground. We discuss the days before CyberScotland, where the idea came from and the benefits of working in partnership.

Listen to the podcast here. Keep an eye on our website for more episodes over the coming weeks.

Countdown to Christmas, Advice Direct Scotland

Advice Direct Scotland will be looking at the different areas that may be at the forefront of the minds of Scottish consumers this festive season in their ‘Countdown to Christmas’ campaign.

This campaign will run throughout the festive period, sharing practical and actionable advice and information in ways you can keep on top of things finically, consumer rights, and signposts to sources of support that are available when you need them.

CyberScotland Week, 27th February – 5th March 2023

CyberScotland Week is Scotland’s annual week-long festival of events on cyber awareness, cyber careers and innovation in cyber security.

There are many ways you can get involved in the week. You could host an event and share your knowledge with customers, colleagues or friends. Increase your cyber awareness and resilience by attending events throughout the week and sharing our resources on the CyberScotland website.

This is a fantastic opportunity for you and your organisations to stay secure online and learn how you can protect yourself, protect your business and be more cyber aware.

To offer to host an event or speak at one, please contact info@cyberscotlandweek.com

Keep up to date on social media: Facebook, Twitter, LinkedIn #CSW2023

Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Public Sector Cyber Up-Skilling Fund

Are you interested in upskilling your employees in the area of cyber security, at no cost to your organisation?

A one-off scheme, funded by the Scottish Government and administered by ScotlandIS, the trade body for tech in Scotland, is looking to help public sector bodies improve and accredit the cyber security skills of their employees.

The fund will be allocated on a first-come, first-served arrangement so you should act fast to avoid disappointment. Click here for more information and to see if you are eligible for this funding.

SQA Level 3 Cyber Security, Monday 12^th December, 4pm

Teachers: Education Scotland has created learning and teaching resources for the new cyber security unit at level 3 the SQA has created.

The new unit will give learners a basic introduction to cyber security and the skills and knowledge they will need to undertake NPA Cyber Security at Levels 4,5 & 6.

This webinar is for secondary teachers who are planning to offer the new cyber security unit. Sign up here

Exercise in a Box Workshop – exercising your response to a cyber incident, 15^th December 9.30am

Scottish Business Resilience Centre is facilitating workshops taking Scottish public and third-sector organisations through using NCSC’s Exercise in Box security tool. They are offering in-person workshops alongside their virtual sessions covering ‘Ransomware’, ‘Digital Supply Chain’, ‘Sensitive Data Leak’ and ‘Micro Exercises’.

This is a great opportunity for you to test the resilience of your organisation.

December 9.30 – 11 am

• Exercise in a Box ‘Ransomware’ MS Teams – 8th December
• Exercise in a Box ‘Digital Supply Chain’ MS Teams 15th December

Workshops are free to those in health, social care, housing, charitable or public sector organisation in Scotland looking to strengthen your cyber defences, sign up below.

Find out more details and book ongoing Exercise in a Box events

GCHQ Christmas Challenge, Wednesday 14^th December

Secondary schools and colleges – register your interest to receive the GCHQ Christmas Challenge resource pack on Monday 12 December to prepare for the challenge on Wednesday 14^th December.

The #GCHQChristmasChallenge is packed with puzzles that you need to crack to uncover a hidden festive message. It has been designed specifically for 11 to 18-year-olds.

The challenge will be available to everyone on the GCHQ social media channels and the GCHQ website on Wednesday 14 December.