• Coronavirus Info Hub
  • Funding Scotland
  • Goodmoves
  • TFN
  • SCVO Membership
Scottish Council for Voluntary Organisations
Join our community
About Support & learning Services Funding Jobs & employability Policy & research
Scottish Council for Voluntary Organisations
Scottish Council for Voluntary Organisations
  • Home
  • About
  • Support & learning
  • Services
  • Funding
  • Jobs & employability
  • Policy & research
Our sites
  • Coronavirus Info Hub
  • Funding Scotland
  • Goodmoves
  • TFN
  • SCVO Membership
  • Home
  • Support & learning
  • Digital
  • How to guides
  • Remote working
  • Cyber Security – working safely and securely

Cyber Security – working safely and securely

Working remotely can mean that it is harder to secure your data against cyber attack. It can seem hard to find the balance between supporting easy access to systems and managing them securely. It is essential you have good cyber awareness and contingency planning in place.

Three key actions

  • Have a cyber security policy
  • Instigate an organisational culture of working safely
  • Train your staff on online safety and privacy

Cyber security policy

Your board/trustees should work with senior management to identify risks and protection measures to put in place. A written policy should be produced with information on what to do in the event of a cyber attack; who needs to be informed; and which gives clear guidance to staff on their day-to-day responsibilities.

You may also decide to get your organisation Certified in Cyber Essentials, a government- backed scheme.

Organisational culture of safe working

You should encourage your people to be curious and report any issues to senior management. If you regularly pressure your staff to just get on with things, then you risk them losing their natural curiosity to evaluate things and spend time flagging up anything concerning

You should also keep yourself up-to-date on security issues and shut down scaremongering conversations, which are often fueled by tabloid headlines and social media.

It can be difficult for people to know what to believe, so you should promote the truth and validity of just a few trusted sources to prevent the overwhelming amount of information available. Our trusted sources are NCSC (National Cyber Security Centre), Scottish Government’s Cyber Resilience Unit and Get Safe Online.

You should also provide and manage devices which will make it much easier to ensure key security settings are applied and kept up to date.

Train staff on online safety and privacy

You should provide staff with regular training on online safety and cyber security. Any reported incidents should be circulated to all staff to remind them to be vigilant and to encourage reporting.

You should regularly remind staff to of safe working practices, such as:

  • Only connect to secure WiFi networks – change the default password on your home WiFi router.
  • If you are away from home, never use public wifi – using your mobile phone as a hotspot is safer
  • Ensure your computer software is up-to-date and that antivirus and malware scans are run regularly
  • Use a password manager, like LastPass, to ensure passwords are strong and unique and not written down anywhere. If you share a device, ensure that you use a separate, password-protected user account for any work-related activity.
  • Ensure that you back up files you have been working on. This is automatic if you work in the cloud..
  • Consider using a privacy screen for your laptop, and screen, so other members of their household cannot see the screen
  • Always lock your device if you’re having a break – the keyboard shortcut to this is Windows-L.
  • Make phone or video calls from a private room, if possible, and if this is not possible a headset will keep callers’ information private.
  • Be mindful of what you let people see in the background on video calls, e.g. confidential paperwork or a way to identify where you live.
  • Stay curious and vigilant – verify any unusual requests you receive from colleagues, like payment requests, changes of bank details or password resets – these may be phishing attacks or scams.
  • Work in the cloud as much as you can to minimise the amount of information you have to store on a local computer
  • Regularly clearing browser history and the Downloads folder
  • Enabling multi-factor authentication
  • Enabling encryption on the computer hard drive

Resources

 

Cyber security – NCSC’s 30 minute training for staff

 

NCSC Cyber Essentials – resources and certification

 

Scottish Government’s Cyber Resilience Bulletin

 

Cyber Security Policy template

 

SCVO’s guide to risk management, cyber security and safeguarding

 

National Cyber Security Centre (NCSC) news

Page last modified on 9th June 2020
  • Support & learning
  • Digital
  • How to guides
  • Remote working
  • Enable your staff to work from home
  • Tools
  • Virtual meetings & video calls
  • Work in the cloud
  • Cyber security
  • Supporting your people
Sign up for our Digital bulletin

Once a fortnight we send out a short email bulletin rounding up the latest news on digital participation, evolution and innovation in Scotland and beyond. Sign up here:

Sign up for our e:bulletin
Follow us on Twitter
Email us

Our digital work is delivered in partnership with:

The Scottish Government
Digital Scotland
Join our community

Contact

How to get in touch while our staff are working from home

Social

  • Twitter
  • LinkedIn
  • Facebook
  • Soundcloud
  • YouTube

Help

  • Accessibility
  • Transparency & open data
  • Privacy
  • Cookies
  • Terms & conditions
  • Feedback & complaints

About

The Scottish Council for Voluntary Organisations is the membership organisation for Scotland's charities, voluntary organisations and social enterprises. Find out more

© 2021. The Scottish Council for Voluntary Organisations (SCVO) is a Scottish Charitable Incorporated Organisation.
Charity registered in Scotland SC003558. Registered office Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh EH3 6BB.

Scottish Council for Voluntary Organisations