All Change? Chief Constable announces plans for ‘service transformation’

Chief Constable Jo Farrell gave a wide ranging update on how Police Scotland is delivering for the public during a meeting of the Scottish Police Authority Board yesterday (Thursday 22 February).

The Chief outlined the implications of policing’s budget allocation and discussed necessary criminal justice reform and the need to reset the parameters around Police Scotland’s role in responding to mental health incidents.

CC Farrell also shone a light on policing’s response to serious offences and securing important court outcomes; seizing illegal drugs; road traffic enforcement or picking out the unsung proactive community policing and prevention we know the public values.

The Chief also discussed joint work with the Authority to progress a programme of change across policing in Scotland.

CC Farrell said: “Change can be unsettling but we are building Police Scotland from a position of strength and we must clearly explain the changes to the public – and our officers and staff – so they can be confident in their police service.

“I have asked Deputy Chief Constable Jane Connors to lead our programme of change, focused on delivering service transformation at pace, prioritising the frontline, removing back-office duplication, and creating capacity to deal with new and increasing threats.

“The change programme will inform how we shape, train, enable, equip and deploy our greatest asset – that is our workforce, our officers and staff – to best meet the evolving needs and complexities of our diverse communities at best value.

“Our primary investment will always be in police officers. As Chief Constable, entrusted with significant public funding, I have a duty to ensure I maximise the number of experienced officers available to the frontline through the right investment in non-warranted support.

“So we will carefully examine which roles can and should be done by police staff, enabling a wider range of people access to a policing career and allowing even more of our officers to return to frontline and operational policing roles.

“Our aim is – must be – to bring the frontline of Scottish policing to the strongest position possible within the resources available.

“I think that’s my duty as Chief Constable, I think it is what the Authority would expect and demand. Providing the highest possible level of safety and security with the funding available is what the people and communities of Scotland deserve and would expect.”

WATCH the meeting here

Keep kids safe online this summer

During the summer holidays children will inevitably have more access to screen time, especially in the form of the internet.

Internet safety has become an increasingly worrying problem amongst parents, however internet expert Allison Troutner from VPNOverview.com has listed the best ways to keep your child safe online:

1. Consider a family ‘tech agreement’

One way to set ground rules with your child is to create a Family Tech Agreement. A family tech agreement answers as many questions as possible about internet and device use so boundaries are clear to all family members. It’s a good way for the whole family to talk about safe and responsible online behaviours.

To create a family agreement, discuss topics like:

  • What apps, games, or sites does the family use most?
  • What rules do we want to include in our agreement?
  • How long should we spend on our devices?
  • What information is safe to share (or not)?
  • What do we do if we see something inappropriate?
  • What email address do we use to sign up for accounts?
  • Do we know how to use in-app safety features like blocking and reporting?
  • Who can we talk to if we feel uncomfortable with something online?
  • Who is safe to talk to?
  • What happens when someone breaks the agreement?
  • When might parents be forced to break the agreement for safety?

This is a starting point: your family may discuss more topics on internet safety for kids depending on the ages of your child or teens and what devices you use.

2. Report any harmful content that you see

Flag or report all harmful content or contact you or your child experiences using social media apps using in-app reporting features. For cybercrimes, cyberbullying, or harmful content, use in-app features like Twitter’s safe mode to report it. Most social media companies have their own safety and privacy policies and will investigate and block content or users. Apps geared towards kids, like Facebook Messenger Kids, have clear guidelines and safety features so that users can block content or contacts and have a safer experience in the app.

3. Balance safety with independence

Technical controls can be a useful way to protect your children online but they can’t solve all your problems. Children need a certain amount of freedom and privacy to develop healthily. They need their own free space to learn by trial and error what works and what doesn’t. So keep balancing, it’s part of it. Having open and honest conversations with your children can be the best way to balance this safety.

4. Keep the computer in a common space

If possible, keep computers and devices in a common space so you can keep an eye on activity. It prevents children from doing things that might be risky. Also, if harmful or inappropriate content appears through messages, you can address it with your child straight away.

5. Password-protect all accounts and devices

From phones to computers to apps, put a password on it. That way, no one without the password can access you or your child’s device. Keep track of passwords by using a password manager.

6. Update your operating systems regularly

All of your devices from mobile phones or tablets to computers and smartwatches receive important updates in response to security issues on a regular basis. Be sure to install them regularly so you have the most up-to-date security fixes and remain safe online. Our recommendation is to set updates to install automatically so your device is less vulnerable to known attacks. Usually, you can find this feature in Settings, then select Automatic Updates, but it varies between devices.

7. Install security or antivirus software programs and a VPN on your computer

Additionally, cybersecurity or antivirus software programs prevent spyware or viruses that may harm your computer if your child visits a malicious site. Using these programs, parents can also set up regular virus checks and deep system scans to make sure there is no harmful activity happening under your nose.

A VPN hides users’ internet activity from snoops and spoofs your location. This protects your kids by making sure hackers or predators can’t detect their actual location. You can install a VPN on your router so that the location is spoofed on all connected devices. 

8. Set parental controls

It may seem obvious, but parental controls are crucial to your child’s safety online. Parent controls are built-in features included on devices and apps. With these features, parents customise their child’s online experience. What parental controls are available on each device or app varies, but in general, they limit screen time, restrict content, and enhance user privacy.

Features of parental controls:

  • Limit screen time.
  • Turn off in-app purchasing.
  • Prevent inappropriate or mature content.
  • Limit website access.
  • Play, message, or send/receive content with approved contacts only.
  • Monitor device location through GPS.

Take time to look at what parental controls are available on your child’s commonly used apps. Then, set them to reflect the type of experience you think is best for your child or teen’s online safety.

Keep your child safe online during the summer holidays

During the summer holidays, children will inevitably have more access to screen time, especially in the form of the internet. Internet safety has become an increasingly worrying problem amongst parents.

Internet expert Allison Troutner from VPNOverview.com has listed the best ways to keep your child safe online:

1. Consider a family ‘tech agreement’

One way to set ground rules with your child is to create a Family Tech Agreement. A family tech agreement answers as many questions as possible about internet and device use so boundaries are clear to all family members. It’s a good way for the whole family to talk about safe and responsible online behaviours.

To create a family agreement, discuss topics like:

  • What apps, games, or sites does the family use most?
  • What rules do we want to include in our agreement?
  • How long should we spend on our devices?
  • What information is safe to share (or not)?
  • What do we do if we see something inappropriate?
  • What email address do we use to sign up for accounts?
  • Do we know how to use in-app safety features like blocking and reporting?
  • Who can we talk to if we feel uncomfortable with something online?
  • Who is safe to talk to?
  • What happens when someone breaks the agreement?
  • When might parents be forced to break the agreement for safety?

This is a starting point: your family may discuss more topics on internet safety for kids depending on the ages of your child or teens and what devices you use.

2. Report any harmful content that you see

Flag or report all harmful content or contact you or your child experiences using social media apps using in-app reporting features. For cybercrimes, cyberbullying, or harmful content, use in-app features like Twitter’s safe mode to report it. Most social media companies have their own safety and privacy policies and will investigate and block content or users. Apps geared towards kids, like Facebook Messenger Kids, have clear guidelines and safety features so that users can block content or contacts and have a safer experience in the app.

3. Balance safety with independence

Technical controls can be a useful way to protect your children online but they can’t solve all your problems. Children need a certain amount of freedom and privacy to develop healthily. They need their own free space to learn by trial and error what works and what doesn’t. So keep balancing, it’s part of it. Having open and honest conversations with your children can be the best way to balance this safety.

4. Keep the computer in a common space

If possible, keep computers and devices in a common space so you can keep an eye on activity. It prevents children from doing things that might be risky. Also, if harmful or inappropriate content appears through messages, you can address it with your child straight away.

5. Password-protect all accounts and devices

From phones to computers to apps, put a password on it. That way, no one without the password can access you or your child’s device. Keep track of passwords by using a password manager.

6. Update your operating systems regularly

All of your devices from mobile phones or tablets to computers and smartwatches receive important updates in response to security issues on a regular basis. Be sure to install them regularly so you have the most up-to-date security fixes and remain safe online. Our recommendation is to set updates to install automatically so your device is less vulnerable to known attacks. Usually, you can find this feature in Settings, then select Automatic Updates, but it varies between devices.

7. Install security or antivirus software programs and a VPN on your computer

Additionally, cybersecurity or antivirus software programs prevent spyware or viruses that may harm your computer if your child visits a malicious site. Using these programs, parents can also set up regular virus checks and deep system scans to make sure there is no harmful activity happening under your nose.

A VPN hides users’ internet activity from snoops and spoofs your location. This protects your kids by making sure hackers or predators can’t detect their actual location. You can install a VPN on your router so that the location is spoofed on all connected devices. 

8. Set parental controls

It may seem obvious, but parental controls are crucial to your child’s safety online. Parent controls are built-in features included on devices and apps. With these features, parents customise their child’s online experience. What parental controls are available on each device or app varies, but in general, they limit screen time, restrict content, and enhance user privacy.

Features of parental controls:

  • Limit screen time.
  • Turn off in-app purchasing.
  • Prevent inappropriate or mature content.
  • Limit website access.
  • Play, message, or send/receive content with approved contacts only.
  • Monitor device location through GPS.

Take time to look at what parental controls are available on your child’s commonly used apps. Then, set them to reflect the type of experience you think is best for your child or teen’s online safety.

Police: Don’t give motocycle thieves an easy ride

Now that the weather is improving Police are expecting more people to be out and about on their motorbikes. Here are some tips on how to secure your motorbike:

– Ensure your bike is fitted with a combined alarm and immobiliser which will deter thieves when the alarm sounds.

– Attach both a disc lock and U-lock. Do not rely on one device, The more security placed on your bike, the less attractive it is to a thief.

– Try to park under street lights.

– When applying your locks, ensure they are secured to a solid anchor point or a permanent piece of street furniture. Keep the lock off the ground where possible as this makes it difficult for the thief to remove.

– Cover your motorcycle and ensure the cover is attached to the security device.

– Where possible use ‘Thatcham’ or ‘Secure by Design’ approved devices www.securedbydesign.com. These have been tested by the industry and are generally agreed to be some of the most robust security devices available.

– Ensure you always activate the steering lock.

– Avoid leaving your helmet or other possessions on the motorcycle, in luggage space or panniers.

– Be vigilant, ensure that you are not being followed home and check for suspicious items attached to your motorcycle.

Social Media

Think about what you share on any app and regularly review your security settings

– Make sure your posts do not identify your home and make it a target.

Tracking Devices

Tracking devices are an effective covert security measure. Although they may not prevent your motorcycle from being stolen, it will assist police in tracing and recovering the vehicle quickly.

Marking and Identification Systems

Datatag ID – Datatag is a piece of technology which can be attached to various parts of your motorcycle. It comes in different forms, dependent on what is most appropriate and is unique to each individual. For more information on this product, please visit www.datatag.co.uk.

Heartbreaking: Britons lose £204.5 million to dating scams, hacking and more in past 12 months

  • The UK reports losses of around £204.5M over the past 12 months due to personal, digitally driven crimes
  • Almost 23,000 cases of fraudulent activity relating to plastic cards and online bank accounts have been logged since September last year
  • Alarmingly, 49% of Brits don’t know if their smartphone has security software installed, or have none at all

Following last week’s Twitch data leaks on 4chan, a new study reveals that the UK’s public has lost as much as £204.5 million to personal, digitally driven crimes in the past 12 months. Additionally, as many as 26 million British adults – 49% of residents over the age of 16 – report either not knowing whether their smartphone has security software installed, or having none at all.

App development company Bacancy Technology analysed statistics drawn from the National Fraud Intelligence Bureau (NFIB), focusing on crimes more likely to befall members of the public – such as dating scams, personal and social media hacking, computer viruses and banking app fraud.

In total the UK has filed a total of 60,297 reports of criminal activity dating back to September of last year, culminating in a total loss of £204.5M to the personal finances of British citizens.

Across the selected categories, cyber-assisted crimes involving cheque, plastic card and online bank accounts have seen the highest number of incidents, at 22,981 reported cases, with an overall personal financial loss of £102.3M – an average of £4,451 per case.

Social media and email hacking ranks second highest in the list in terms of the number of reported incidents, standing at 12,225 reports over the last 12 months. However, the high volume of cases is offset by an average loss per case of £204 – amassing to an overall financial loss of a lesser £2.5M.

With Dating scams, it’s the opposite. A smaller number of reported cases (9,388 over 12 months) has resulted in Brits taking financial losses of £97,600,000 – with each individual case costing over £10,000 on average.

Ranking fourth and fifth on the list are reported crimes surrounding computer viruses/malware and personal hacking – which relates to hacked devices, rather than accounts. Despite a large number of reported incidents over the past 12 months (7,893 and 6,649 respectively), each of these crimes have resulted in smaller average losses per case, with figures under £100.

Top 5 personal digital crimes – UK, over 12 months (Oct 20 – Oct ’21)

Type of crimeNumber of reported crimesReported financial loss (in GBP)Average loss per case
Cheque, Plastic Card & Online Bank Accounts22,981£102,300,000£4,451
Hacking – Social Media & email12,225£2,500,000£204
Dating Scams9,388£97,600,000£10,396
Computer Virus/Malware/Spyware7,893£348,400£44
Hacking – Personal5,649£511,900£90

Despite the variety of security apps readily available on both the Apple and Android stores, around 26 million Brits – a total of 49% – may be at risk.

Further data drawn from an ONS survey shows that one in three Brits (32%) are unaware of whether their smartphones have security software installed, while almost one in five (17%, or nine million adults) reported not having security software of any kind – leaving them open to potential cyber-crime and fraudulent activity.

Do you have security software installed on your smartphone?

 All16-2425-3435-4445-5455-6465+
Automatically installed/provided with operating system40394636443738
Installed/subscribed118914131211
Do not have smartphone security1727181915911
Don’t know32262731294241

Commenting on the findings, a spokesperson for Bacancy Technology said: “Recent events in the news have highlighted the importance of maintaining security over our personal data and finances.

“Even so, it seems that while the British public are aware of the potential dangers of online activities, many are failing to take steps to adequately protect themselves and their loved ones. Digital security is of the utmost importance, and everyone with a smart device should take necessary precautions to ensure their safety.”

This research was conducted by app development company Bacancy Technology, an exclusive hub of top software developers, UI/UX designers, QA experts and more, offering development services aimed at the creation of high-end, enviable applications.

Which?: Some banks leaving customers exposed to scammers

Some banks can and should be doing more to protect their customers from criminals trying to steal sensitive information, Which? research has found. 

With the last year seeing an increase in scams, many consumers will expect that the companies they deal with in their everyday lives are doing everything they can to protect them.

However, a new Which? investigation has found that some banks are failing to use all the tools available to them to combat scammers, leaving weaknesses in their security systems that scammers could exploit. 

The consumer champion looked into what protections banks were putting in place to protect their customers from receiving fraudulent emails, SMS messages and phone calls.

These so-called phishing attacks are worryingly common. Scammers send legitimate-looking messages that are designed to tempt people into divulging sensitive information, such as bank account details, usernames or passwords.

Phishing scams may try to imitate (or ‘spoof’) banks’ genuine email addresses or domains, sometimes by making slight changes – for instance, by changing ‘.co.uk’ to ‘.com’. 

Banks should be implementing a system that protects web addresses they own or use – known as ‘domain-based message authentication, reporting and conformance’ (DMARC) – to prevent spoofing attacks.

Banks can use DMARC to tell email providers how to handle the unauthorised use of their domains. 

The process of introducing DMARC is frequently done gradually: by initially setting records to ‘none’ (a monitoring phase where no action is taken if DMARC checks fail) before working towards ‘quarantine’ (which moves emails to junk/spam if they fail the checks) and ultimately, a policy of ‘reject’ (which blocks all emails that fail the checks). 

When Which? asked security experts at technology company 6point6 in April to check whether banks offered this protection, some banks were falling short. 

At the time of the investigation, the Bank of Ireland and Agricultural Mortgage Corporation – a wholly owned subsidiary of Lloyds Banking Group – had not yet introduced DMARC.

This could have allowed scammers to forge their email address and send messages that would appear indistinguishable from genuine ones from their bank. Both have since taken action to resolve this. 

The investigation also found that Nationwide, TSB and Virgin Money – nationwide.co.uk, tsb.co.uk and virginmoney.com, respectively – had not set their policies to ‘reject’ all emails that fail DMARC checks. TSB and Virgin Money told the consumer champion that they are working towards this. 

Nationwide said it has security features to protect against spoofing and will ‘look at ways to improve email security, including future enhancements to DMARC security.’ 

The investigation also uncovered that The Co-operative Bank, First Direct, Starling and Tesco Bank had no DMARC system in place for their alternative domains, but did for their primary domains.  

Although The Co-operative Bank has protected its ‘co-operativebank.co.uk’ email address, there are no DMARC records for ‘co-operative.co.uk’ and ‘coop.co.uk’ – two domains that are owned by The Co-operative Group, a separate company not associated with the bank – making them vulnerable to scammers who could pose as The Co-operative Bank using alternative email addresses. 

Since the investigation, Starling and Tesco Bank have now applied DMARC to alternative domains, starlingbank.co.uk and tescobank.co.uk, respectively.

First Direct and The Co-operative Bank told Which? they are reviewing the inclusion of their alternative domains – firstdirect.co.uk and co-operativebank.com – within their existing DMARC policies.

While banks are further ahead than other industries when it comes to implementing DMARC, Which? believes that it is often too hard for customers to tell the difference between a phishing email and genuine communication from banks due to inconsistent practices across the industry. 

This is particularly concerning amid a worrying culture of banks blaming victims for falling for scammers’ tricks, despite their heightened sophistication. This means people often face a lottery to get their money reimbursed under the industry’s voluntary bank transfer scams code.

Which? is calling for all banks to implement DMARC and configure it correctly, setting their policies to ‘reject’, meaning email providers should block any emails that fail these checks. 

Banks should also be clamping down on number spoofing, which involves scammers manipulating caller IDs to mimic the phone numbers of legitimate organisations. To tackle this, Ofcom worked with the banking industry body UK Finance to identify a list of ‘do not originate’ (DNO) numbers – numbers that are never used for outbound calls. 

Most banks had signed up to the scheme at the time of the investigation, apart from The Co-operative Bank and Nationwide – although both have since told Which? they plan to join.

Banks can also protect their SMS headers – the name or number a text message appears to come from – against spoofing by registering with the SMS SenderID Protection Registry run by the Mobile Ecosystem Forum. 

The consumer champion believes that if banks did not include weblinks or phone numbers in their official SMS communications – sensitive information that is prone to spoofing – consumers could feel more secure and be able to spot scams more easily. 

Which? is working on a best practice guide for businesses to help raise standards of SMS communications and bring greater consistency to how they protect consumers. 

Jenny Ross, Which? Money Editor, said: “It has never been harder for people to know whether they’re receiving genuine communications from their bank, or being tricked – so it is crucial that banks take every measure to protect their customers from these devastating scams. 

“These include implementing email scam protections properly and no longer putting phone numbers and links in messages, to ensure customers feel safe and can bank with confidence.”

Bike marking events this weekend

Police Scotland’s North West Community Team are holding two free bike marking events this weekend.

Saturday 5 June: Victoria Park, Trinity from 11am – 2pm.

Sunday 6 June: St. Margaret’s Park, Corstorphine from 11am – 3pm.

#PedalProtect

#BikeRegister

Police issue advice on shed security

Break-ins to garden sheds, garages and thefts from gardens are common throughout the country. In fact, many criminals consider this type of crime to be low risk, as they don’t have to force entry to your home.

Many people store bikes, power tools and expensive gardening equipment in their sheds making it very attractive to criminals.

The good news is that there is a lot you can do to outsmart garden thieves. A few simple solutions can make all the difference to the security of your garden:

• Make sure the lock is in good working order. Fit a mortise lock (BS3621:2007) and/or use a good quality closed shackle padlock on your shed door. The hasp should be attached using coach bolts or anti tamper screws rather than basic screws.

• If there are any windows in the garage/shed, fit a grill, adhesive frosting or put a curtain over the window, so that people cannot see in.

• Fit a shed alarm. These can be bought online for around £10.

• Secure all the equipment including bicycles that you can by padlock and chain, make sure it is attached to the building – a ground anchor is preferable.

• Security mark your bicycles, lawnmowers, toolboxes and garden furniture, by engraving, painting or using a DNA security marker kit and register these. Available online.

• Consider installing a garage defender, which secures the door to the ground.• Surrounding hedges or trees should be trimmed or cropped so as not to provide cover for thieves.

• Clear your garden all of debris, rubble and tools that may be used to force entry.

• Install security lighting to illuminate your garden.• Consider topping your fence or wall with a trellis, which will provide an additional barrier and provide support for climbing plants.

• Aggressive plants and shrubs, such as Berberis and Hawthorn can help deter intruders.

• Sign up to local alerts provided by Police at; https://www.neighbourhoodwatchscotland.co.uk/

• If purchasing security products look for items endorsed with the Sold Secure or Secured by Design logo.

If you see anyone acting suspiciously near to your premises please contact the police immediately with as detailed a description as possible of any person or vehicle involved.

Please call 999 if an emergency and urgent police assistance is required or 101 if not urgent to report the matter to the police.

Further advice also available at https://www.scotland.police.uk/keep-safe/home-and-personal-property/secure-your-garden-outbuildings/ and www.securedbydesign.com