The CyberScotland Partnership is calling on Scottish businesses to update and review their cyber security protocols and incident response plans, before Christmas and New Year. That holiday break means fewer people ‘on the ground’, potentially resulting in less oversight of critical systems and making businesses more vulnerable to attack, the Partnership says. This ‘downtime’ increases the chances that cyber criminals will strike, so business leaders must think ahead on how to stay safe.
Last Christmas Eve, the Scottish Environmental Protection Agency fell victim to a ransomware attack, resulting in 4,000 stolen files and around £2m in lost income. The Agency has since acknowledged that it lacked an immediate incident response plan and has been keen to highlight the importance of making strong plans and preparation to keep an organisation secure for whenever a cyberattack might hit. Hence the CyberScotland Partnership is directing business to its resource library of actionable advice to update their cyber security precautions.
Advice includes:
– Have an incident management plan: one in ten organisations do not have an incident management plan (National Cyber Security Centre, 2021). If an organisation is one of these, they should address this immediately and make sure physical copies are available should systems be disabled. The first step is looking at ‘what an incident would look’ for your organisation.
– Make sure data is secure: Business need to know what data they have if they are going to secure it. Regularly auditing data is important to ensure appropriate protections are in place especially for transferring data or storing data for prolonged periods such as during the Christmas break.
– Back up data using the ‘3-2-1’ rule: This is a popular strategy which can prevent you facing be used in most scenarios to provide a robust safeguard for your systems. Have at least three copies, on two devices, and one offsite backup.
– If you are attacked, know who to call on: The Scottish Business Resilience Centre’s (SBRC) cyber incident response helpline for those who think they have been the victim of a cyber attack is available on 01786 437 472.
Jude McCorry, pictured, Chair of the CyberScotland Partnership said: “In the lead up to the festive break, businesses need to think ahead about their cyber security and keep themselves safe. Staff will be looking forward to a much-deserved holiday, but businesses must remember that will leave some of their critical systems unmonitored. The best way to secure your cyber security over this period is to create a plan and prepare your response if a cyber attack occurs.
“To support businesses, the CyberScotland Partnership have curated easy to action resources and information that business can use to make sure they have robust plans in place. The resources cover topics from; what is included in an incident response plan to signposting relevant partners such as Police Scotland and the Scottish Business Resilience Centre who run cyber incident helplines.
“The important thing for Scottish businesses to do is to think ahead and act early to protect their critical data and assets.”
For the resource library visit https://www.cyberscotland.com/category/resources/.
