Welcome to the
Scottish Business Resilience Centre
We are a unique organisation comprising contributions and secondments from Police Scotland, Scottish Government, Scottish Fire and Rescue Service, major banks, industries, investors and private membership. We aim to provide our members with a wide ranging one stop shop for business security services and advice and to date have established ourselves as a hub of innovation and business improvement in support of our partners and the business community.
Scottish Cyber Awards
We are delighted to announce that all of the award sponsorship opportunities for the Scottish Cyber Awards sold out within a week! This is a great indicator of the excitement and anticipation surrounding Scotland's first Cyber Awards Ceremony. Award applications will open on Monday the 4th of July and all of the information you need to apply will be right here on the SBRC website.
Scottish Cyber Awards - Category Sponsors
Do you have responsibility for Lone Workers?
The Personal Guardian could be just what you are looking for.
Scottish firms asked to join terrorism awareness scheme
Scottish businesses and organisations are being urged to sign up for a scheme to keep their staff and the public safe in the event of a terrorist attack.
The scheme, called Project Griffin, is aimed at workers in busy or crowded places, including the hospitality industry and the health service.
Ch Insp Ronnie Megaughin, deputy director of the Scottish Business Resilience Centre, said: "This extension of Project Griffin, which will enable a greater number of businesses to ensure their staff are sufficiently aware and prepared for an act of terrorism, is most welcome.
"Whilst being prepared and knowing what to do is vital, it is equally important that as many people as possible who work in busy places are aware of the threat and are better equipped to recognise and report suspicious activity.
Didn't make it to the Real McCoy event in Glasgow last week? Don't worry you can find out what it was all about in this brief overview below:
Overview of New EU Data Protection Legislation from PricewaterhouseCoopers
(Please click on the image below to read the full document)
Small Firms Struggle To Tackle Threat of Cyber Crime
Scotland’s small businesses are aware of the increasing threat of cyber crime but are still failing to act on the threat effectively, according to the most detailed cyber security survey of small businesses in the past year.
The survey highlights how firms are being overwhelmed and confused by the amount of advice around cyber crime. As a consequence they are choosing to take only the most minor “common knowledge” preventative measures, like using anti-virus software and firewalls, which leaves them unwittingly vulnerable.
The survey also shows that SMEs still do not regard the data they hold, whether their own or that of customers, as having value.
The study is the first of its kind to assess why Scotland’s SMEs are not doing more to protect themselves, despite the almost daily reports of companies being hacked, having personal data stolen or experiencing a loss of business.
The research, by the University of Glasgow, was commissioned by the Scottish Government and the Scottish Business Resilience Centre (SBRC) and funded by a Royal Academy of Engineering Industrial Secondment Grant.
SBRC Director Mandy Haeburn-Little said the survey provides crucial guidance on how small businesses, government and other agencies all need to change their thinking to counter the threat of cyber crime.
She said: “It’s vital we do everything we can to support smaller companies including the many, many companies who work from home. These findings will help us to do this. The findings show that SMEs do care and take cyber crime seriously, but they are hitting obstacles on what to do about it. However also particularly concerning is that many small businesses still do not recognise that there is a value attached to the data they hold .
“The fact that there is so much advice online – and also significant levels of conflicting advice - is leaving them confused, bewildered and overwhelmed. The survey also shows that the majority of people simply turn to Google for advice despite there being several dedicated websites and portals of guidance available.
“This all points to the need to establish clarity over recommended actions and a single source for advice and contact. This is very much in line with the concept of the creation of a cyber hub for Scotland which would act as one trusted source of advice and cyber security services at affordable cost. SBRC is taking forward the scoping of this concept with more news on this expected in the next six months.”
The SBRC is considering how small businesses can be more supported with their specific needs and for other simple measures to be introduced to keep cyber crime front of mind to help to drive behavioural change.
University of Glasgow senior lecturer Dr Karen Renaud, who was seconded to the SBRC and who conducted the survey, found that:
• 95% of businesses carried out security activities that showed they did care about security, but only 15% thought they were at significant risk of being the target of an attack.
• More than 50% said they consulted Google for cyber advice with less than 7% consulting Government websites. With 12 million results coming up on Google, firms feel unable to identify trustworthy advice and are left floundering.
The recent Cyber Breaches Security Survey, carried out by Ipsos Mori for the UK Government, found two-thirds of large British businesses have experienced a cyber attack or breach in the last 12 months – one in four of which were attacked at least once a month. More than half (53 per cent) of small businesses in Scotland think it is unlikely or very unlikely they would be a target for an attack and only 23 per cent feel completely prepared for one, with 19 per cent saying they have not taken any steps to protect their data.
The SBRC, whose partners include the Scottish Government is now proposing to highlight the survey recommendations in its ongoing discussions with the Scottish Government and Police Scotland as part of Scotland’s developing cyber strategy.
Cyber crime can take many forms, including theft, fraud, selling sensitive company data and sabotaging equipment.
In the past year, notable cyber attacks have included the TalkTalk scandal and the crashing of the BBC website; however, smaller firms are at an increased risk due to limited resources and lack of in-house IT capabilities.
As part of its cyber prevention guidance, the SBRC provides crucial, affordable services to protect companies by working with ethical hacking students - particularly vulnerable small firms - from e-criminals and scammers.
These assessments can vary from a cyber footprint review, which assesses what information is available online about a business or an individual and how that can be better managed, to a security test which looks to identify the risk of unauthorised intrusion from an external or internal source.
Other cyber assessments can be carried out including cyber attack rehearsal, simply business hygiene checks for small companies and phishing simulation.
Meet Our New Ethical Hackers!
We are delighted to be continuing to work with Abertay Ethical Hacking students to improve business cyber security. This will be the fourth year running that we will be having ethical hacking students work with us directly here at the centre. Due to increasing demand we have been offering cyber services all year round but now that the students will be based with us here in the office over the Summer there is no better time to get in touch with your cyber security concerns. Pensioners Conned Out Of Life Savings
Eight conmen who operated a scheme in which they pretended to be police officers in order to con pensioners into handing over large sums of money have now been jailed according to news circulating today.
In order to avoid falling prey to similar scams please consider the following advice provided by SBRC's Financial Resilience Manager Graham Vance:
Banks and other financial institutions will NEVER phone or contact customers advising them to move money from their accounts for any reason. If you receive a call from anyone saying they represent your bank, politely refuse to comply with any instructions, hang up, wait for a few minutes and then contact your bank on a number that you know relates to the bank. Before you dial your bank’s number make sure you hear a dialling tone. Criminals who are trying to scam you will try and hang on the line to keep it open for as long as the telephony system will allow before automatically closing the connection down.
We were delighted to be featured in a recent Bright Red Triangle Bites e-mail as you can see below:
If you would like to check out the password checker tool for yourself to find out how long it would take a hacker to crack your password just click here. Business Extortion Alert from National Fraud Intelligence Bureau
A number of businesses in the UK have recently been targets of online extortion attempts. To read the urgent alert released by the National Fraud Intelligence Bureau on this issue, which includes advice, please click on the image below.
Bitcoin Creator Revealed
To read the full article from BBC News please click on the image below
Fake Scottish Salmon Story Highlights Need to Protect Scottish Brands
As news breaks today of Chilean salmon being fraudulently sold in America as Scottish salmon there is no better time to focus on protecting Scotland’s brands from illicit trade.
Chief Inspector Ronald Megaughin, who is serving as Deputy Director of the Scottish Business Resilience Centre (SBRC), said:
"Scottish food and drink is world renowned for its quality and remains an integral part of our economy. This makes it a target for unscrupulous criminals.
"Illicit trade of this nature is a crime with many victims, from the source of the fake produce, where workers can be subject to appalling work conditions and even modern day slavery, through to the loss of earnings to honest firms and the wider economy. Furthermore illicit trade is often used to fund further criminal activity, including human, drug and weapon trafficking."
The SBRC is hosting an internationally significant event to highlight the consequences and impact of illicit trade, 'The Real McCoy' on 27th May at the Glasgow City Chambers, featuring expert contributors from Homeland Security, Interpol and Europol.
Coinciding with the event will be a fully interactive live ‘street market’ stocked with fake produce, located on George Square and intended to highlight the often hidden dangers of fake goods to the wider public.
To find out more about The Real McCoy events please click here To read the fake Scottish Salmon story from the BBC please click here.
The SBRC 2016 Issue 2 Newsletter is out now!
Just click on the cover image below to learn about our latest events, find out the great milestone we are celebrating this year and get a first-look at the exciting awards ceremony we will soon be launching.
Passwords, phones and privacy settings: how to protect yourself online
Stay safer on the internet with tips from the Guardian on shoring up your digital security. To learn how to secure your passwords and make sure your personal details are not widely available online click here to read the full article.
Scottish Police Federation: Scotland needs a cyber security agency
Rank-and-file police officers are calling for the creation of a dedicated cyber security agency in Scotland.
The Scottish Police Federation, which represents over 17,000 police officers north of the border, said Scotland has the “potential to be a global leader”.
The call for a standalone agency came as the body published its manifesto ahead of the Scottish Parliament election on May 5.
To read the full story from Holyrood.com please click here Scotland Announces First National Cyber Awards Ceremony
Key public bodies, along with leading private firms will endorse a new awards ceremony to recognise Scotland’s commitment towards cyber security excellence.
Set to take place in November this year, the awards will feature categories that celebrate innovative new technologies, the good practice of both small and established companies and progress within the education sector.
Recent research has revealed that large numbers of people receiving pension money do not take appropriate, qualified and professional advice on how to manage their money. Receipt of pension money is an event to be savoured and celebrated – it can also be the source of heartbreak, broken relationships and deterioration in health if not managed properly.
The situation in the UK is quite clear. Anyone offering financial advice must be registered with the Financial Conduct Authority. The reason for this is to make sure that people receive appropriate advice and guidance which is approved by the financial regulators. Taking advice from unqualified “financial consultants” or “investment managers” is a very risky business and exposes people to the risk of fraud resulting in significant financial losses. Moreover, should people find themselves out of pocket because of advice taken from unregistered consultants they are unlikely to have recourse to the financial compensation scheme.
Fraudsters have no conscience. They constantly seek innovative ways of relieving people of their hard earned cash. The methods they use are many and varied from cold calling investment opportunities to mail and telephone scams. Probably the most common method used is internet schemes where fraudsters pose (through e-mails and websites) as genuine businesses, enticing people into providing personal details or worse, bank details.
The message from the Scottish Business Resilience Centre is simple:
If you are in receipt of a lump sum, whether it be the proceeds of a pension or matured insurance policy, take advice from a trusted and qualified financial advisor. The names of all registered advisors are posted on the website of the Financial Conduct Authority and if your advisor’s name is not there you should be asking some serious questions.
Treat all cold callers (on the phone or at the door) with the utmost suspicion and do not provide or confirm any personal details until you are absolutely sure who you are dealing with. Do not be pressured into making a quick decision – this is a common method used by fraudsters who will tell you that the offer is off the table as soon as they leave you or hang up.
Never trust e-mails that you are not expecting. If you are in any way suspicious come out of the e-mail and search the sender of the e mail on a recognised search engine.
Remember that receipt of lump sums can often have the effect of making normal, rational, logical people vulnerable to scams and frauds. Be sensible, take a deep breath and consult with a qualified professional – a short pause at the start will give you the comfort of knowing that your decisions were sound and may save you a lot of heartache and regret later on.
A handy article from Cnet explains how to encrypt iOS and Android devices as well as detailing the pros and cons of encrypting certain devices. If you are considering encrypting your smartphone you may want to read the guide here.
Worried about Ransomware?
Thomas Stanford have produced a free guide on how to stay protected against this evolving threat. Find out more here. SWITCH IT OFF!
Why it's dangerous to leave your Wi Fi on as demonstrated by one of our superb speakers from the Trading Securely conference, Glenn Wilkinson.
Meet our new Ethical Hacking Student!
Lisa Fiander is one of our team of newly recruited ethical hacking students who will be working with us over summer 2016 to help business combat cybercrime.
Have you read the Little Book of Resilience?
It's author, Liggy Webb of The Learning Architect, has kindly made it available here for free. Click here or on the image above to start reading!
Cyber Security Advice videos from our Ethical Hacking Team
Our ethical hackers have recorded several videos which provide advice on different cyber security issues. The latest video is below and you can you can view the full range of videos by clicking here.