Cyber guidance this June

By Alison Stone (Third Sector Cyber Resilience Coordinator, Scottish Business Resilience Centre) on 7th Jun 2021

June is looking like it’s going to be an awesome month… already we have had a few days of sunshine, have celebrated youngest daughter’s “significant” birthday in a restaurant with food I DIDN’T HAVE TO COOK and… there is an abundance of new and exciting cyber guidance available!  We will focus on the latter (though photos of every course from the aforementioned dining experience are available on Instagram, obviously!). 

There has been a bit of a lull after the amazing week that was Cyber Scotland Week back in February, where the third sector put on some tremendous education events (many available on the SCVO YouTube channel) but now we are back with lots of helpful new stuff. 

First up is my blog on Reputation Management which was published in the most recent OSCR newsletter.  This introduces the Reputation Management Framework developed by the Scottish Business Resilience Centre (SBRC) in association with Clark Communications, which provides some really good insights into things you can proactively pull together so that, should your organization be hit by a cyber-attack, you have your ducks in a row to manage the external facing communications.  It also has great advice on what to do if that phishing link is clicked and it all goes a little bit cyber-pear shaped.

Following on from that, and still thinking about threats and incidents, there is an excellent new blog from the National Cyber Security Centre (NCSC) about what Board Members should know and what they should be asking their technical experts on the subject of ransomware.  Ransomware, as a threat, is becoming much more prolific – not quite to the levels of phishing attacks, but definitely increasing.  You may have read about the recent high profile attacks which have reached the media, such as SEPA and several higher education establishments.  Third sector organisations are in no way immune and this guidance is a really helpful introduction to what ransomware is, how you may know that an incident has occurred and what you can do to recover. 

Last, but by no means least, is the new video from SBRC and IASME, the accreditation body, introducing the NCSC backed Cyber Essentials Accreditation Scheme.  This short animation explains what Cyber Essentials is and how your organisation can go about achieving it.  It’s a valuable certification – increasingly third sector organisations are asked to have this in place if they are bidding for Local Authority work, for example.  Over and above that, it does prove to funders, stakeholders and staff with reassurance that you take the security of the data you hold and the systems you use seriously.

We know that Cyber Essentials can seem like a daunting task for some smaller charities and voluntary sector organisations.  Fear not – the newly launched Cyber Health Check from SCVO is designed to provide an entry level review of what you need to be thinking about to improve the cyber resilience of your organisation.  Based on the same framework as the SCVO Digital Health Check (also excellent!) the tool asks you to rate the cyber readiness of your charity and provides signposting to further resources, as well as a one to one call with someone (usually myself) who can review the results and help you formulate a plan of action. 

So, loads of new shiny exciting cyber stuff to fill the remaining days of June.  As ever, I am here to help all third sector organisations along their journey to improved cyber resilience.  Please do reach out to me at my new “home” at the Scottish Business Resilience Centre – always happy to chat!