Skip to main content
someone is working on two different laptops.

28 Jun 2023

Your learning

Safeguarding social service organisations: the importance of cyber security

As technology evolves, so do the methods cybercriminals use. Police Scotland recently released figures showing a 68% increase in fraud since 2018. There were 17,000 fraud cases recorded last year, the majority of those were online.

With ongoing digital advances, it’s important for social service organisations to recognise potential cyber security threats and understand the significance of implementing robust safeguards, along with appropriate policies, processes and continuous staff training.

The social service sector is a prime target due to the sensitive and valuable data it holds, such as individual’s records and other sensitive personal information.

What are the top three cyber security threats?

  1. Ransomware attacks. Cybercriminals exploit vulnerabilities in the system to infiltrate networks and encrypt critical data, making it unusable for staff and demanding a ransom for its release. These attacks can disrupt social service organisations and potentially have a significant impact on individual’s care.
  2. Data breaches. Breaches occur when unauthorised people gain access to confidential information. The stolen data can be sold on the black market or used for identity theft, leading to severe consequences for both individuals and organisations.
  3. Phishing and social engineering. These techniques involve tricking people into revealing sensitive information or performing malicious actions without realising. Attackers often impersonate well known organisations or individuals, making it important for staff to be vigilant and well informed.

What technologies are available?

We’re encouraging social service organisations to use robust technological safeguards to protect against cyber threats.

  • Firewalls and intrusion detection systems. By implementing these technologies, organisations can detect and prevent unauthorised access attempts, minimising the risk of cyber intrusions.
  • Secure network infrastructure. Encryption, strong authentication measures and regular security updates are essential for securing network infrastructure. It helps protect sensitive data in transit and safeguards against unauthorised interception.
  • Endpoint security solutions. Using antivirus software, endpoint detection and response tools can help detect and minimise threats on individual devices, preventing infections to your network and unauthorised access.

What else can social service organisations do?

While technological safeguards form a crucial foundation, they are insufficient to combat cyber threats on their own.

Organisations must establish comprehensive policies, processes and training frameworks that work alongside technological solutions. Involving your staff is also key to an effective cybercrime prevention strategy.

Cybersecurity policies. Clear, well-defined and easy to understand policies set the expectations for secure behaviour and outline procedures for incident response, data protection and user access management. You should regularly review and update these policies to adapt to evolving threats.

Robust processes. Implementing secure processes, such as regular data backups, system patching and vulnerability assessments, reduces the likelihood of successful cyber attacks. Incident response plans should also be in place to minimise damage and ensure a swift recovery in the event of a breach.

Continuous staff training. Employees are often the first line of defence against cyber threats. Regular training sessions can raise awareness about scams, the tactics scammers use and other emerging threats. Educated staff members can identify and report potential incidents which will reduce the risk of successful attacks.

Involving staff members in the cyber security strategy is crucial for its success.

By actively engaging employees, organisations can achieve the following.

  • Increased vigilance. When staff members are educated about the latest threats and trained to identify suspicious activities, they become a valuable asset in identifying and mitigating potential cyber attacks.
  • Culture of security. Having a culture of security creates an environment where cyber security is everyone's responsibility. Staff members who are knowledgeable and committed to best practice become an integral part of the defence against cyber threats.
  • Prompt incident reporting. Encouraging staff to promptly report potential incidents, without having a culture of blame, allows organisations to take swift action, minimising the impact of attacks and assisting effective incident response.

Social service workers should pay extra attention to the ever-increasing threat of cyber security. Implementing an approach that combines technological safeguards, robust policies and processes and continuous staff training is extremely important. By recognising the importance of staff involvement, organisations can significantly enhance their ability to prevent, detect and respond to cyber threats, safeguarding the integrity of essential care services and protecting sensitive patient information.

Stay vigilant, stay informed and together let’s strengthen the social services sector against cyber crime.

Contact us for support

If you have any questions, please contact SSSC Cyber Resilience Engagement Coordinator, Scott Tees at

Organisations looking for support and advice can also call the free Cyber Incident Response Helpline on 01786 437 472. The helpline can support organisations that have been a victim of an attack and provide expert guidance to get back to secure operations.

You can report cyber crime to Police Scotland by phoning 101

If you think you have been the victim of a cyber attack contact the Scottish Business Resilience Centre’s (SBRC) cyber incident response helpline 01786 437 472.

Contact information

Alison Forbes
Communications Assistant
Scottish Social Services Council