Scottish cyber resilience team urges businesses to be proactive

The Scottish Government and Police Scotland are urging small businesses to take pre-emptive action to limit the threat of damaging cyber-attacks.

The advice follows the TalkTalk cyber attack and the news that a Glasgow hairdresser paid a ransom of €1000 to cyber-criminals who had locked its IT system.

The Scottish Business Resilience Centre (SBRC) has stressed SMEs need to stay vigilant as they can be particularly vulnerable to a strike.

The SBRC is recommending that businesses follow standard advice to minimise the chances of becoming a victim of cyber-crime including:

Cyber security assessments: Use ethical hackers to  evaluate the level of protection present within your company infrastructure and act quickly to resolve issues.

Corporate digital footprint assessments: Get a solid understanding of your organisation's footprint on the Internet and establish how easy it is to access sensitive details.

Supply chain resilience exercises: Evaluate how secure your suppliers are. A single supplier that is temporarily shut down as a result of a cyber-attack could cause major issues for any customers that use its services as part of their supply chains.

SBRC Director Mandy Haeburn-Little said there is a dangerous misconception that smaller companies don't get hacked. “When large firms are struck by a cyber-attack it makes big news across the media. At the other end of the spectrum, small businesses tend not to report these attacks for the understandable fear that they can be disastrous for reputation,” she said.

“Many small companies do not have large IT departments looking after their cyber-security but still have lots of valuable information, so they are viewed as ripe and easy pickings for cyber-criminals,” she said.