Cyber Scotland
If you suspect that you have been the victim of a cyber attack, it is essential that you act quickly to minimise the risk and impact. Your actions will be critical to damage limitation.
When a cyber incident or attack occurs, your incident response plan and capabilities should kick in.
Organisations looking for support and advice can call the free Cyber Incident Response Helpline.
The cyber incident response helpline is for the SME community and the third sector to help victims of cybercrime understand what support is immediately available to them and help them recover. The helpline is run by the Cyber and Fraud Centre – Scotland in partnership with the Scottish Government and Police Scotland and is available weekdays 9am-5pm.
This helpline will:
Part of the recovery plan is identifying what is happening and taking steps to mitigate the issue. The NCSC’s 10 crucial questions will help you to identified what has occurred and help you take steps to deal with the incident.
Once you have identified the issue, your Incident Response plan kicks in to action. You’ll also need to confirm that everything is functioning normally, and fix any problems.
Action your Incident Response Plan.
Depending on the incident this could involve:
This may involve you contacting your IT team or external IT provider to help resolve the issue.
Ensure the incident is communicated appropriately, whether that be to staff, wider business, or other stakeholders as part of your Incident Response Plan. You might have to consider secure or alternative communications in the event of a sensitive incident where normal channels are unavailable due to an outage in your system. An example of a set of incident response team roles is shown on the NCSC page “Creating your Cyber Security Incident Response Team“.
It is important that you know who within your organisation should be notified and how to notify them if you suspect you have been duped by a suspicious email, perhaps clicking on a suspicious link or visiting a suspicious website, or if your device is operating strangely.
Exploiting email and browsing remains the most common method of launching cyber attacks and gaining access to organisational networks.
These attacks are designed to both exploit and dupe you into ‘letting them in’. Anyone can fall for phishing attacks—it’s why they are the primary first choice of cyber criminals. It is essential that you don’t delay in reporting suspicious incidents. Do not just switch off the device and/ or walk away in the hope that it will all go away. Action is needed as quick as possible.
Clear communication will help minimise the short term impact of an incident and will assist in building trust with your customers, reducing the long term impact of an incident.
Cyber and Fraud Centre – Scotland in partnership with Clark Communications, have produced a Reputation Management Framework.
This document aims to support you in the event of a cyber security incident, by providing advice on when to disclose and ways to share the message effectively in such situations. This can improve and complement your existing practices and help to increase the resilience of your organisation if breached.
Download Reputation Management FrameworkYou can report Cybercrime as follows: By phoning 999 (emergency) or 101 (non-emergency) In person at any police station
Read more Report Cybercrime in modal dialogReporting a cyber security incident to NCSC.
Read more Reporting a cyber security incident to NCSC in modal dialogIf you are concerned your organisation has been the victim of either a cyber or financial fraud attack, you can call the Incident Response helpline. The free helpline will help organisations confirm they have been the victim of an attack […]
Read more Incident Response Helpline in modal dialog