Renfrewshire Council

"Your ability to recognise a phishing email can be all that stops the council becoming the victim of a ransomware attack" says Carol Peters as she outlines why it's so important to detect scams before they happen.

Carol is one of our Cyber Security architects and works as part of the team that implements the council's cyber security measures and aims to keep us safe from cyber-attacks.

"These days, most organisations have an internet presence of some kind and Renfrewshire Council is no different.  Protecting our assets from cyber-attacks is essential and we have a mesh of technologies that layer over each other to make it as hard as we can for a criminal to breach our network.

"The Scottish Government have told all local authorities to expect to have your network breached by a cyber-attack because a determined attacker will find a way and a successful attack can affect our ability to deliver our public services for an extended period of time.

As part of the council's defence against attacks, business continuity exercises have taken place to ensure services are prepared for any eventuality and we've also sent our phishing emails to see if people can recognise them.

"While my job focuses on the technical aspect of how we protect the council from attacks, there is a key part of cyber security that applies to the community as well - and that's the human element.

"Cyber criminals know that no matter how well-trained people are, they are busy, often under pressure and are not always concentrating, and they rely on a good phishing email catching just one person out.

"A successful phishing attack can leave the council vulnerable so please don't take the risk if you don't know exactly what you're clicking on."

Here's some top tips from Carol on how to avoid becoming the victim of a scam:

• Educate yourself so you know what to look out for by visiting the RenSafeOnline website regularly for the latest info and complete the mandatory cyber security courses on iLearn
   
• Don't open email attachments or follow links unless you are 100% sure they are safe. Try the free tool to check whether a website is likely to be legitimate or fraudulent at getsafeonline.org/checkawebsite
   
• Always complete software updates to your laptop or phone when prompted
   
• You should never be asked for card details or personal information over the phone from a cold call. If you're not sure, don't provide them, take time to do your research and ask a colleague if something doesn't seem right
   
• Look out for errors, poor format, or messages that don't use your name. These can be obvious signs of a scam, but some scams are very sophisticated and can look very real

If you fall for a scam, it's important to react in the right way to limit any impact on you.

"People can feel embarrassed that they've fallen for a scam, but it's much more important that you try to fix it immediately rather than hope nothing happens.

"You should put your devices into flight mode (key F11 on your laptop) if working from home or take out the network cable if you're in the office - call the ICT Service Desk urgently for advice on 0141 618 7777.

"Definitely do not try and get in contact with the scammer, this will just make things worse.

"Do your best to stay safe online and if in doubt, just remember the cyber security ABCs - Assume nothing, Believe nobody, Check everything!"

Running from 15 to 19 May, Business Continuity Week 2023 highlights various areas of resilience that people, staff and businesses need to be prepared for including cyber, organisational, supply chain and personal.

It aims to ensure you have the knowledge to prepare in advance, but also know how to respond in case an incident happens.

For more information on how to prepare, visit the RenReady section of the council website.

Published Monday 15 May 2023