Skip to main content

14 Dec 2021


Make sure that cyber security is top of your Christmas list

At this time of year, some organisations will start to close, while others may be running with reduced staff which can make organisations vulnerable to online attacks.

Last Christmas Eve, Scottish Environment Protection Agency’s digital systems were held under attack. It knocked several of their key systems offline causing major disruption to their staff and made it difficult for them to do their work.

We are encouraging social service organisations to take some simple steps to mitigate the risk from an online incident.

  • Do you have an incident management plan? One in 10 organisations do not have an incident management plan. If that’s your organisation, you should address this immediately and make sure physical copies are available should systems be disabled. The first step is looking at ‘what an incident would look like’ for your organisation, who will it impact on, how could this impact on us and the people, carers and families that rely on our services?
  • Make sure your data is secure. Organisations need to know what data they have if they are going to secure it. You should audit your data regularly to make sure appropriate protections are in place especially for transferring data or storing data for prolonged periods such as during the Christmas break.
  • Back up your data using the ‘three-two-one’ rule. This is a popular strategy which can prevent you facing be used in most scenarios to provide a robust safeguard for your systems. Have at least three copies, on two devices, and one offsite backup.
  • Does your current security strategy include a plan for cyber-attacks during the holidays?
    It’s important to have an organisational continuity plan. When disaster strikes, getting your organisation’s operations back up and running quickly is crucial. No organisation is immune to potential threats, no matter how big or small your organisation is.
    Take the time now to review your business continuity plan and know where you can seek advice and support should you need it.

Contact us for support

If you have any questions, please contact SSSC Cyber Resilience Engagement Coordinator, Scott Tees at

Organisations looking for support and advice can also call the free Cyber Incident Response Helpline. This helpline can support organisations that have been a victim of an attack and provide expert guidance to get back to secure operations.

Call the helpline on 01786 437 472

You can report cyber crime to Police Scotland by phoning 101

If you think you have been the victim of a cyber attack contact The Scottish Business Resilience Centre’s (SBRC) cyber incident response helpline 01786 437 472.

Contact information

Sandra Wilson
Communications Officer
Scottish Social Services Council