National Computer Security Day: Business Gateway partners with Scottish Business Resilience Centre to tackle cyber threats

Ahead of National Computer Security Day tomorrow (November 30th), Business Gateway has announced a new webinar with Scottish Business Resilience Centre (SBRC), to empower business owners to be cyber-aware and take control of their online security.

Taking place virtually on Wednesday, 30th November at 1pm, the webinar will be hosted by Sarah Johnson, Director at Scottish growth marketing company, IndigoLeap. She will be joined by SBRC experts Mike Smith, Cyber Incident Response & Threat Intelligence Manager and Kristie Steele, Cyber Community Lead.

The hour-long session will offer insights on the security landscape in Scotland, outlining how to recognise potential threats and what to do to ensure businesses are secure. The panel will explore the most common threats currently online, the impact of being victim to an attack and top tips for monitoring digital channels.

They will be joined by small business owner, Michael Cairns, who founded Celsius Plumbing in 2007 and was victim to a cyber hack earlier this year.

He approached Business Gateway in spring 2022 for help with search engine optimisation (SEO), after identifying a drop in website traffic and enquiries. He received 1:1 support from an expert consultant via Business Gateway’s Digital Boost programme, where it was discovered that the Celsius website had been hacked.

Although there was no breach in data, the website, which had previously hosted approximately 40 pages, now had over 10,000 pages on the website URL, meaning Google deemed it untrustworthy reducing its visibility to potential customers.

In addition to the webinar, Business Gateway also offers cyber resilience toolkits and an online tutorial which provides the basics to cyber security, building business resilience, and signposts tips on how to avoid data breaches. 

Mike Smith, Cyber Incident Response & Threat Intelligence Manager, SBRC, said: “For many small businesses across Scotland, protecting their business from cyber-attacks may not be a priority due to expertise or resource.

“However, being cyber aware is crucial for all businesses, and it is important that steps are taken to safeguard all types of data against loss.”

Hugh Lightbody, Chief Officer at Business Gateway, added: “We recognise now more than ever that businesses are stretched, focusing on operations as they continue to bounce back post-pandemic and amid the cost of living crisis.

“We hope that this webinar provides a valuable platform to understand how cyber-attacks can occur, and why it is so important for businesses to protect their business in the current climate.”

Michael Cairns, Director at Celsius Plumbingsaid: “After operating without a website for a number of years, we spent the last two years building our digital channels and could not understand why we were experiencing issues.

“We had worked with Business Gateway in the past, so it was our first port of call. Our DigitalBoost consultant, John Taylor, went above and beyond for us in identifying our issue and in helping us rectify it.

“We had placed a lot of trust in our web developers, but John helped us access our website and helped us understand the importance of Google Search Console, which we now know is vitally important to our online presence as it identifies vulnerabilities to our website.

“We are still slowly recovering our online presence; it has been a very long process and I would urge any business owner to familiarise themselves with online security to reduce their chances of becoming victims themselves.”

Business Gateway also works closely with Police Scotland’s Cybercrime Harm Prevention team, ensuring its service and advice reflect expert insights.

The following tips and strategies have been identified by Gordy Macdonald, Cybercrime Protection, Incident Support and Training Officer at Police Scotland, as a checklist for Scottish businesses this National Computer Security Day.

Five practical tips to avoid a cyber attack:

  1. Equip your staff with knowledge on how to identify Phishing attacks. Ensure staff are able to identify suspicious emails and are empowered to deal with these situations.
  2. Ensure your software is up to date. Allsoftware must be up-to-date, and all devices must be protected with the most up-to-date operating version from its iSP.
  3. Apply for Cyber Essentials certification. This Government back scheme will help protect your business against a range of cyber attacks.
  4. Install authentication methods to all systems and devices. Utilise2sv or Multi Factor Authentication (MFA) for all devices and online accounts to provide protection from unwarranted access.
  5. Frequently Back up your Data. Ransomware is the most prolific means used by Cyber criminals, by backing up data systems can be reset and resume more easily.

To find out more on how Business Gateway can help your business, visit: 

https://www.bgateway.com/

Or to book your place on the upcoming webinar ‘How to stay secure online’ visit: 

https://www.bgateway.com/events/how-to-stay-secure-online

Cyber security boost: Training to help safeguard Scottish organisations 

A £500,000 contract to extend cyber resilience training to more than 250 organisations across the country has been awarded by the Scottish Government.

The grant will enable the Scottish Business Resilience Centre (SBRC) to run online and in-person workshops for public services and third sector health, housing, and social care bodies to ensure they are better prepared and protected.

Scotland has been subject to a number of disruptive large scale cyber-attacks in recent years with developments in Ukraine and the recent COVID lockdown exacerbating the situation. 

The training, which has already benefited 450 organisations, includes mock scenarios such as a third-party software compromise, a ransomware attack and a threatened sensitive data leak.

It is hoped more than 250 organisations will benefit from the training programme, which comes ahead of a major summit in Edinburgh as part of European Cyber Security Month in October.

Justice Secretary Keith Brown, who will address the event, said: “We have all seen the devastating impact of an organisation falling victim to a cyber-related incident, so extending training to make more people aware of the risks is absolutely crucial.

“The Scottish Government is committed to ensuring Scotland leads the way in cyber resilience and security.

“This extended training will help many more organisations to stave off the threat of an attack, and protect against disruptive and costly data breaches.

“The workshops provide practical guidance to mitigate or respond to hostile cyber-attacks. I would urge eligible organisations to take up this opportunity to ensure they are protected.”

Jude McCorry, Chief Executive Officer of the SBRC, said: “There is no denying that the ongoing pressure facing everyone from a cyber-perspective has increased massively in recent years. Just as we see one organisation recover from the grips of a cyber-incident, another is targeted.

“It is also now believed that cyber criminals have targeted more than three-quarters of public sector organisations and, closer to home, we have seen this play out with a number of disruptive large-scale attacks already in Scotland.

“We don’t want to see more Scottish organisations fall victim to these attacks and that is why upskilling and awareness programmes continue to be so vital.”

SBRC will deliver the National Cyber Security Centre’s (NCSC) ‘Exercise in a Box’ programme on behalf of the Scottish Government. It has already upskilled 450 organisations across Scotland since being  launched in 2020.

Organisations interested in learning more about ‘Exercise in a Box’ are invited to attend a taster session on 25 August. Find out more or register here.

Top five cyber-resilience tips

1 Improve password security:

Creating strong, separate passwords and storing them safely is a good way to protect yourself online.

Use a strong and separate password for your email.

Weak passwords can be hacked in seconds. Make yours strong, longer and more memorable by combining three random words that you can remember.

2 Save your password in to your browser:

This is safer than re-using the same password for all your accounts. Save them to secure them.

3 Turn on 2-Step Verification:

Two step verification protects you with a second layer of security that checks it’s really you logging in. Think of it as a double lock for your data. Be doubly sure.

4 Update your devices:

Cybercriminals exploit weaknesses in software and apps to get your information. Updating fixes those weaknesses. Think of update reminders as an alarm telling you to act. Stay secure. Update regularly.

5 Back up your data:

If your phone, tablet or laptop is hacked, you could lose all your personal files including photos and videos. Keep everything secure by backing up. Back it up, keep it secure.

The Little Book of Big Scams

Nobody, whether a business or individual, wants to be a victim of a scam and suffer the financial loss, frustration and worry that it causes.

The information contained in this booklet can provide you with enough knowledge to have confidence in going about your daily business without the fear of falling foul of a scam.

You can view the booklet here ⬇️

https://www.sbrcentre.co.uk/…/Little-Book-of-Big-Scams…

Criminals using fakes to capitalise on coronavirus

DEVIOUS scammers are duping the public and businesses with counterfeit goods to profit from the panic and fear caused by the COVID-19 pandemic.

The Scottish Business Resilience Centre (SBRC) is reporting a spike in counterfeit crime along with cybercrime and fraud – as a result of the coronavirus outbreak, with reports of a 400% increase in the number of pandemic-related counterfeit and fraud reports in March.

Angela Brand, one of the officers seconded to SBRC from Police Scotland, says there has been a marked increase in phishing emails, scams, and a wide array of counterfeit goods being offered for sale, all related to COVID-19.

Higher demand for protective goods and pharmaceutical products, combined with more people searching online to source products, has resulted in criminals using the pandemic to take advantage of businesses and vulnerable citizens.

Experts across policing, security and the fight against illicit trade came together to advise businesses of the risks of illicit goods, via a webinar on Tuesday.

Angela said: “Counterfeit goods are a global problem, used to fund criminal activity. The fear surrounding the COVID-19 pandemic is being exploited by criminals who are seeking to profit from the sale of counterfeit goods.

“We are hosting this webinar to raise public awareness, and advise the business community in Scotland on how they can minimise  their risk of receiving counterfeit goods.

“Internationally, Interpol and Europol have successfully intercepted two counterfeit PPE scams worth millions of Euros; whilst our colleagues from The City of London Police have carried out some excellent proactive work surrounding counterfeit PPE in the UK – they will be discussing their recent successful operations in our webinar.

“When buying goods online, always use reputable sites. It’s important to check the website address to make sure it is legitimate. Look for substitutions such as ‘zeros’ used instead of the letter ‘o’, or additional letters or symbols in the address, which may indicate a fake or cloned website.

“If you receive an email offering goods or services, don’t click on any links embedded in the email. Instead, go directly to the website itself and check if the information contained in the email is valid.

“There are online tools and plug-ins available which you can use to screen websites and help identify potentially counterfeit products. Above all, use common sense and if you are even remotely suspicious, look elsewhere.”

Further advice and guidance is available on the SBRC website and anyone who believes that they have received counterfeit goods are advised to contact the police as soon as possible.

Angela added: “You can contact Police Scotland online, over the phone via 101, or in person at a police station. This can also be done anonymously if you wish.

“The sooner we know about the presence of counterfeit goods, the sooner we can instigate measures to remove them from our streets and prevent further criminality at the expense of our business community”.

Hosted by SnapDragon, Tuesday’s webinar drew on expertise from leading industry names to guide businesses on counterfeit goods amid the COVID-19 pandemic. The session covered the scale of the problem, positive enforcement actions, and how to identify online counterfeit goods.

Rachel Jones of SnapDragon focuses her work on defending businesses from counterfeits of their own brands . Her advice to businesses is that they can combat fake  goods relatively easily and cheaply.

Rachel said: “The most important advice for businesses is they can do something about counterfeit goods online and removing them using the intellectual property they own – such as copyright, design rights, trademarks and, although unusual, patents.

“It’s not a terribly complex business and is quick – we often see links to fake goods coming off Amazon, for example, in under five minutes.

“More businesses  should  explore the online world in terms of searching for copies of their brands and products, but not just in English. Search for variants of names and products in different languages to make sure you’re covering as much of the world as possible.”

Rachel said consumers should also be wary of online deals that look too good to be true, as it usually is.

She added: “Price is a good indicator, especially with lesser known brands, an online good can look like a good deal. Shipping location and time can also be an indicator. Even with COVID-19 restrictions, three- to four-week shipping times would be rare for many brands.

“You should compare goods with the original brand website, for price and things like shape, size and colour – lots of counterfeit goods won’t be exact replicas of the original. If anything looks off, you should steer clear and buy from a brand’s original website.”

Expertise was provided by the Phil Lewis from the Anti-Counterfeiting Group, DS Masterson from the City of London Police Intellectual Property Crime Unit ,Vicky Brock from Vistalworks, DI Donaldson from Police Scotland, and John MacKenzie from Shepherd and Wedderburn law firm.

To watch previous webinars, please visit: https://www.sbrcentre.co.uk/news/

The SBRC is a non-profit organisation which exists to support and help protect Scottish Businesses.

To ensure Scotland remains a safe place to live, work and do business, SBRC will be regularly sharing COVID-19 developments and advice from Scottish Government, its partners and members as they happen.

SBRC maintains a unique connection to Police Scotland, Scottish Fire and Rescue Service and Scottish Government, which gives the organisation exclusive access to the latest information to advise citizens and businesses how to interact safely.

Employers can also reach SBRC by emailing enquiries@sbrcentre.co.uk.

Edinburgh businesses warned of threats to vacant premises

EMPTY workplaces across Scotland are being seen as potential easy targets for thieves and vandals looking to commit crime.

The warning comes following a spate of attacks on premises across the country, suggesting criminals are keen to exploit the current COVID-19 lockdown which is leaving most commercial premises empty for extended periods – and a lack of potential witnesses on the streets.

Experts across policing, fire and rescue and the security sector are coming together to help advise businesses of the risks and dangers, via an upcoming free webinar as part of a timely series launched by the Scottish Business Resilience Centre (SBRC) at the outset of the COVID-19 response.

David MacCrimmon is seconded to SBRC from Police Scotland, as its lead for serious and organised crime and counter terrorism and will be available to speak with concerned business owners and keyholders at the session, which takes place on Thursday 16 April at 10am.

He said: “With most of us stranded in our homes, the clear and obvious place that burglars, arsonists and vandals will sadly be looking to will be our empty offices, clubs, bars and shops.

This could range from a one-off break in to steal alcohol from a bar, to an organised effort to steal valuable assets.

But businesses can limit their exposure to the risk – and there are reasonable steps they can still be taking to protect their premises while sticking to lockdown advice. This webinar will give us a chance to fully explain some of those options and for those that sign up to ask questions.”

Like previous webinars in the series, Thursday’s will see SBRC draw on its widespread expertise alongside leading industry names, to provide guidance to business owners concerned about the wide-ranging implications of the COVID-19 pandemic.

As part of its advice, the upcoming session will cover tips on what to remove from the premises, what to leave in windows, as well as how and when to safely visit.

Gary Wood, a Watch Commander with Scottish Fire and Rescue Service seconded to SBRC, will also lead a discussion on fire and safety risks – with simple tips that can be followed. He said: “With many businesses temporarily closed due to the current Government restrictions on Covid-19, premises may now be unoccupied.

Fire does not discriminate and can strike at any time including periods of unprecedented situations such as the global pandemic we currently face. But with a number of straightforward steps, it is possible to appropriately manage fire risk within your temporarily vacant premises.

The watchwords are ‘Protect the building – Protect the business’. There can be a link between fire risk and criminality in terms of the risk of wilful fire raising.

This webinar will focus on practical guidance and advice that business owners and managers can use to mitigate those fire risks”

Further expertise will be provided by Ronnie Megaughin, Regional Manager for Scotland and Northern Ireland with the Security Industry Authority and Allan Burnett QPM, Operations Director with SecuriGroup.

During its first week, the SBRC provided advice to more than 600 business people across areas from cyber security to the legal implications of COVID-19. So far the dedicated webinars have been viewed by more than 1250 individuals.

To register for the session on vacant properties, please register here: https://bit.ly/3efzHkJ

To watch previous webinars, please visit: https://www.sbrcentre.co.uk/news/

The SBRC is a non-profit organisation which exists to support and help protect Scottish Businesses.

To ensure Scotland remains a safe place to live, work and do business, SBRC will be regularly sharing COVID-19 developments and advice from Scottish Government, its partners and members as they happen.

SBRC maintains a unique connection to Police Scotland, Scottish Fire and Rescue Service and Scottish Government, which gives the organisation exclusive access to the latest information to advise citizens and businesses how to interact safely.

Employers can also reach SBRC by emailing enquiries@sbrcentre.co.uk.

Protect your passwords, protect your business

Businesses and projects in Edinburgh are being advised to put in place stricter rules around passwords to protect staff and systems, as the country switches to home-working amid the coronavirus pandemic.

Following UK Government advice for businesses to work from home where possible, due to the rise in cases of COVID-19, the Scottish Business Resilience Centre (SBRC) is warning employers how this can increase an organisation’s vulnerability to cyber-attacks.

This was demonstrated just weeks into the COVID-19 outbreak, with scammers already capitalising on fear and system frailties, and scams relating to the virus costing UK businesses nearly £970,000.

SBRC is advising businesses to quickly and easily increase their security by using password manager software and implementing a two-factor authentication.

Declan Doyle, Ethical Hacking Consultant at SBRC, said: “We’ve seen a huge increase in the number of phishing scams since the outbreak of the virus – including fraudulent emails targeting businesses about fake Government tax rebates and Coronavirus funding.

“Criminals are very smart, and as much as we can find, identify and shut down scams, the best course of action is to tell people what to look out for and give them advice to follow to minimise the risk of falling victim to these traps. Increasing your online security is one way to do this.”

Eamonn Keane, Chief Operating Officer for Cyber and Innovation at SBRC, said: “The last thing any business battling the impact of coronavirus needs right now is a crippling cyber-attack.

“The prospect of thousands of temporary home workers, potentially accessing a range of vital business servers and applications from vulnerable home internet connections, or using old or inadequate laptops or PCs, is a scary one.

“One of the easiest ways for businesses to avoid cyber-attacks is to set up a password manager to secure, store and generate passwords for your team which can be accessed across various devices.

“Attackers use different techniques beyond hacking to discover passwords, including phishing, automated guessing using the most commonly-used passwords, manual guessing and intercepting networks. Password managers and two-factor authentication can easily put a stop to a lot of these tactics.”

Andy Maclaren, Head of IT Services at SBRC partner, Consider IT, said: “Password managers typically generate a long, secure and unique password for each website a user logs into, avoiding reusing passwords across different websites.

“This way, if a particular website’s database is hacked or leaked, attackers won’t be able to use the same log in details to access all of the other services your email address has signed up to.”

Two-factor authentication asks users for their password as normal, but also asks users to provide a second piece of information such as a code sent to an email address, or a fingerprint scan on a phone.

Eamonn added: “Two-factor authentication is just another way of ‘double-checking’ you are who you’re claiming to be when you’re logging into business accounts – meaning even if someone hacks or gains access to your password, they won’t necessarily be able to access your accounts.

“At SBRC, we endeavour to maintain Scotland’s reputation as a safe place to do business, so we will do everything we can to keep our partners, members and the public as up to date as possible in these uncertain and ever-changing times.”

The Scottish Business Resilience Centre is a non-profit organisation which exists to support and help protect Scottish Businesses.

To ensure Scotland remains a safe place to live, work and do business, SBRC will be regularly sharing COVID-19 developments and advice from Scottish Government, their partners and members as they happen.

Over the coming weeks SBRC will be holding a series of 60-minute webinars aimed at helping Scottish businesses prepare and survive the human and commercial impacts of COVID-19.

SBRC maintains a unique connection to Police Scotland, Scottish Fire and Rescue Service and Scottish Government, which gives the organisation exclusive access to the latest information to advise citizens and businesses how to interact safely.

Employers can also reach SBRC by emailing enquiries@sbrcentre.co.uk.

Scottish workers encouraged to be mindful of mental wellbeing this winter

THIS WINTER, bosses and employees in Edinburgh are being urged to look out for the mental health of other colleagues as the end of the year draws closer.

Despite one in four Scots experiencing common mental health problems, in many workplaces it remains a taboo topic. Continue reading Scottish workers encouraged to be mindful of mental wellbeing this winter

ATM scams: Christmas crime

FESTIVE SHOPPERS in Edinburgh are being warned against the latest ATM scams hitting high streets across Scotland this Christmas and New Year’s.

The Scottish Business Resilience Centre (SBRC) has issued a call for extra vigilance when withdrawing cash over one of the busiest periods of the year for shopping. Continue reading ATM scams: Christmas crime