Over half of charitable organisations say they deal with sensitive data, according to a recent National Cyber Security Centre survey. It is therefore of utmost importance that this data is secured as efficiently as possible. Findings from the survey state that exactly 50% of the charities that responded say they are likely to experience cyber-attacks. As technology grows, it is difficult to keep up with the evolving processes used for protecting your data.
The Scottish Government’s Cyber Resilience Unit organised and hosted a webinar titled ‘Third Sector Cyber Resilience Network: Cyber Incident Management Plan’ on 22nd June, in collaboration with CyberScotland, Scottish Business Resilience Centre and Sight Scotland. The webinar was attended by over 30 third sector and public sector organisations (more specifically from the social care sector, with a few mental health services, as well as housing and disability organisations) and was very well received.
The webinar was hosted and moderated by Anthony Morris (Head of Third Sector and Public Sector Coordinator, Cyber Resilience Unit, Scottish Government), and delivered by guest speakers, Kirstie Steele (Community Lead, CyberScotland), Mike Smith (Incident Response & Threat Intelligence Manager, Scottish Business Resilience Centre) and Kevin Burns (Head of IT, Sight Scotland). The speakers talked in detail about how incident management plans can help organisations prepare for a cyber incident and what should and can be included in those plans.
Anthony kickstarted the webinar by talking about the Third Sector Cyber Resilience Network, which holds regular non-technical webinars focusing on topics to help manage cyber risks. The network is open to all staff and volunteers from third-sector organisations and is an opportunity to share good practices and look at what support is available beyond regular webinars. If you would like to join the network, please email Anthony Morris at anthony.morris@gov.scot.
“It was a pleasure to be joined by our cyber experts from the Scottish Business Resilience Centre, CyberScotland and Sight Scotland. They all did a fantastic job in sharing why cyber incident response plans are important and practical and easy steps to create and manage them. I hope the session was helpful for attendees and I look forward to further webinars to support organisations to become more cyber resilient.”
Anthony Morris, Head of Third Sector and Public Sector Coordinator, Cyber Resilience Unit, Scottish Government
The second speaker, Mike Smith, talked about the SBRC’s free Cyber Incident Response Helpline, which supports Scottish organisations in the event of a cyber or financial fraud attack. Mike talked about the foundation of the helpline: in partnership with the Scottish Government and Police Scotland, SBRC launched the UK’s first cyber incident response helpline for public, private and third sector organisations. He also emphasised the significance of integrating an incident response plan in the workplace, irrespective of the size and sector of the organisation. He concluded the session by reminding everyone that any organisation concerned about its IT security at any point should not hesitate to call SBRC for support, and that any organisation that thinks there is criminal activity should report the crime to Police Scotland by calling 101.
“The Scottish Business Resilience Centre now have an updated ‘freephone’ Incident Response hotline number – 0800 167 0623. All third sector and public sector organisations calling this number will be provided with initial Incident Response support and guidance, and, if required, we can direct you to our Cyber Incident Response Cadre who will be able to provide additional in-depth incident response services.
SBRC can also provide ongoing support along with our Police Scotland Cyber Prevention team partners.”
Mike Smith (Incident Response & Threat Intelligence Manager, Scottish Business Resilience Centre)
The next speaker, Kirstie Steele, talked in depth about why organisations must have a clearly defined plan to prevent, detect, respond to and recover from cyber attacks, particularly the most common attacks. She shared further details on how the CyberScotland Partnership and the SBRC have created a Cyber Incident Response Pack that contains documents to help your organisation plan its response to a cyber incident. Kirstie shared how cyber-attacks are an additional business risk for organisations and should be planned for like any other risk to the business.
She recommended that all organisations across Scotland visit the CyberScotland Partnership portal to find the most up-to-date advice and guidance on creating a cyber response plan.
“Taking steps towards good cyber resilience can be easier than you think. Our Cyber Incident Response Pack is a brilliant resource to help organisations plan their response to cyber incidents. Within the response pack, there is plenty of support and advice available and a lot of it is free, that can help charities prepare for cyber incidents. It’s got checklists and templates that have been put together by experts in this area, and I would recommend that charities take the time to go through this resource.”
Kirstie Steele (CyberScotland Community Lead)
The final speaker of the webinar, Kevin Burns, shared how organisations are now realising the impact of a cyber-attack, not just in the amount of work placed on the IT team but also in the gap in the skills required to investigate and report on the attack. He talked in detail about his Cyber Implementation Plan and various components, such as Policies, Security Appliances, Cyber Catalyst Role and more.
“Cyber Security starts with strong policies – staff need to know what they can and can’t do and be given an explanation if they feel they have been restricted in some way.
The security of an organisation very much relies on all departments working together. The webinar was very much in the context of building security policies – password and patch management for IT, onboarding and offboarding for HR and visitor control procedures for Facilities. Additionally, Cyber Catalysts are there as a source of information and to open communication channels for organisations who are looking for help and advice around security topics.”
Kevin Burns, Head of IT, Sight Scotland
The webinar concluded with a Question and Answer session. Attendees found the webinar very useful and shared that the content in the presentations was very informative. The participating host organisations offered one-to-one support and agreed to provide bespoke services and help to any organisation in need of it.
The important takeaway from such interactive webinars is that we are all vulnerable and we should be talking about cyber security and the need for building our cyber defences before it is too late. Watch this space to hear about the upcoming workshops.
Below are some helpful links that were discussed in the session.
- Download the IR Pack here: https://www.cyberscotland.com/developing-an-incident-response-plan/
- Sign up for the CyberScotland Bulletin: http://eepurl.com/hsagRL
- Incident Response Helpline: 0800 1670 623
- Exercise in a Box Workshop: https://www.cyberscotland.com/exercise-in-a-box-workshops/