An important update for all staff:
In the last week, two charity organisations who work closely with the Council have fallen victim of ransomware attacks. Further to this in the last few months Western Isles Council and three local authorities in England have also fallen victim to this type of devastating cyber-attack.
A ransomware attack removes access to your data by encrypting it, additionally the attacker will use the threat of publicly releasing this data in an attempt to extort a ransom payment.
This type of attack often results in substantial financial and reputational loss and can have a huge impact on the ability of organisations to deliver vital services.
Phishing emails
Phishing emails remain the primary method of initiating a variety of cyber-attacks. Using malicious links or attachments the attacker will attempt to steal login credentials or gain access to systems.
Police Scotland have also warned of an increase in “spear-phishing” attacks. Spear-phishing is a type of bespoke phishing attack crafted to target specific individuals or organisations. Attackers use information known to be of interest to the target to add to the perceived authenticity.
Artificial intelligence technologies continue to increase the sophistication of phishing attacks and lower the skill level required to execute a successful attack. However, the tell-tale indicators remain the same and we can all arm ourselves to be able to correctly identify this type of malicious email.
Cyber security top tips
- Be on the lookout for suspicious emails that use any of the common indicators of phishing. Be extremely wary of unexpected links and attachments.
- Use a strong password. By using a strong password, it makes it more difficult for an attacker to guess or “crack” your password, which can then be used to gain unauthorised access to systems and information.
- Enable Multifactor Authentication on all your accounts. This added layer of defence makes it difficult for an attacker to gain access to a system if they have managed to compromise your login details, as they would also need the “second factor” to fully authenticate.
- Keep your devices up to date. Install updates as soon as possible.
- Trust your gut – if something seems too good to be true, it usually is.
If you are at all unsure of an email or see any other suspicious activity, please report this to the Cyber Security team via the IT Customer Portal or using cybersecurityteam@north-ayrshire.gov.uk
Thank you for taking the time to read this post and remaining vigilant. If you have any queries, or need any further advice, please do not hesitate to contact the Cyber Security team.