The Scottish Council for Voluntary Organisations is the membership organisation for Scotland's charities, voluntary organisations and social enterprises. Charity registered in Scotland SC003558. Registered office Caledonian Exchange, 19A Canning Street, Edinburgh EH3 8EG.
Small steps to cyber security: don’t take the bait
SCVO’s cyber awareness campaign was created to provide regular hints and tips to share with staff and volunteers, helping them spot cyber risks and take appropriate action to keep organisations safe online. It is important to talk about cyber security regularly to help good habits stick, we hope you can include these in your organisation’s staff/volunteer updates, newsletters and other guides as well as utilising this free e-learning module.
So far we’ve covered…
- Starting with passwords
- Ask to attend a cyber event or read a news article at CyberScotland.com
Now lets talk about the biggest threat out there and the important role people play in protecting against it.
Phishing explained
According to CyberScotland, the term ‘phishing’ is often used when talking about emails, but these can also take the form of a text message or social media post that look like the real thing but are malicious. The criminal will try to convince you to click on links within their message that could lead to a virus being downloaded on to your computer or persuade you to reveal personal, sensitive or financial information.
Phishing attacks can be difficult to spot, pretending to be from a trusted source (e.g. your CEO) and often threatening urgency for a response, aiming to trick you into interacting with them.
Don't take the bait
Try this quiz to see whether you can spot the difference between real and fake emails.
Here are some simple phishing tips
Think before you click: Encourage staff and volunteers to pause before acting and consider whether a request is genuine.
- Were you expecting the email? If not, is it threatening urgency or asking you to do something you wouldn’t usually do?
- Check email addresses carefully, even if messages appear to come from a trusted source – hover over them (don’t click) to spot fakes
- Verify any unusual requests by contacting the sender directly (not using the details in the message)
- Think twice before clicking any link or opening an attachment
Report anything suspicious: Encourage a better safe than sorry approach, ensure everyone knows to report suspected phishing activity to whoever is responsible for IT within your organisation or forward to report@phishing.gov.uk. If you believe you have been a victim of a crime, report it to Police Scotland by calling 101.
Don’t panic if you click: It happens to all of us, just make sure you know what to do if you click a dodgy link and report it as above.
Share these with your colleagues and let them know about our lunchtime learning session next month.
And stay in the loop on all things cyber
If you want to keep up to date with cyber and hear about all our resources as soon as they are available check out SCVO’s free online guidance.
Contact SCVO’s Cyber Resilience Co-ordinator, Alison Brogan, if you’d like support with creating a positive cyber security culture within your organisation. From board level to supporting your team in their everyday work, there is lots of free support available.
