Staff News - February 2023
Free Cyber Security Training from the Scottish Business Resilience Centre
The Scottish Business Resilience Centre are offering staff the opportunity to attend free online and in-person events covering a range of cyber security subjects. The events are also open to third-sector organisations.
The details of the events are below.
Exercise in a Box 'Sensitive Data Leak' Session via Microsoft Teams - 9th February 2023
Why should you do it?
Charities, small businesses, and public sector organisations hold just as much sensitive data as large organisations, but rarely have the same resources for securing it. Most organisations know that the Information Commissioner’s Office can issues fines of up to £17.5 million following breach of sensitive data, but did you know individuals can file separate claims for compensation? Sensitive data is even being stolen and used to extort charities for millions in ransom payments.
Using the Sensitive Data Leak scenario from the National Cyber Security Centre’s Exercise in a Box toolkit, their team of Ethical Hackers will challenge your data protection policies and processes in a discussion-based exercise aimed at improving your organisation’s resilience to extortion and sensitive data leaks.
This exercise is split up into 3 injects, with several discussion points covering a variety of topics, including:
- Your organisation’s logging and monitoring of internal sensitive data
- Your processes for securely offboarding a disgruntled employee
- Internal escalation of a security incident and the legal considerations
Exercise in a Box 'Ransomware' Session via Microsoft Teams - 2nd March 2023
Why should you do it?
With the rise of ransomware attacks, organisations must be prepared in case they suffer an attack. Effectively securing an organisation can be difficult as you are only as secure as your weakest link. With the ever-changing face of cyber security, it is difficult to prepare for possible attacks.
The aims of this exercise are as follows:
- Understand how your organisation is prepared to deal with phishing attacks.
- Recognise how the configuration of your user accounts plays a major role in your defences.
- Gauge how effectively you can recover data and resume operation after a cyber-attack.
- Build trusted relationships and develop shared understanding between key stakeholders.
- Prepare and train key staff to consider what risks they are exposed to.
- Operate in a no-fault environment to check and test cyber security defences and capabilities.
Exercise in a Box 'Micro Exercises' - in-person event, Lairg Community Centre - 7th March 2023
Why you should do it?
The micro exercise session combines several fundamental aspects of cyber security with additional, broader cyber security learnings within a 90-minute session to ensure all organisations, regardless of their sector or level of cyber knowledge, can benefit.
The exercise is divided into four topics:
- Password security
- Identifying and reporting phishing emails
- Secure remote working
- Responding to a ransomware attack
Exercise in a Box 'Micro Exercises' - in-person event, 8 Doors Distillery, John O'Groats - 8th March 2023
Why you should do it?
The micro exercise session combines several fundamental aspects of cyber security with additional, broader cyber security learnings within a 90-minute session to ensure all organisations, regardless of their sector or level of cyber knowledge, can benefit.
The exercise is divided into four topics:
- Password security
- Identifying and reporting phishing emails
- Secure remote working
- Responding to a ransomware attack