Cyber Scotland Week in Glasgow City Council
Information security is a priority for Glasgow City Council, and having participated successfully in Cyber Scotland Week last year, we are keen to remind staff about the importance of looking after the information of our service users, staff and citizens as we go about delivering services. We work hard at Glasgow City Council to instil in our staff the importance of information security, and the activities we are planning for the week will set out to get across important messages about information security via interactive activities that contain an element of fun.
We aim to build on the success of last year’s Cyber Scotland Week by visiting more locations, offering more activities, and engaging with more staff to help them learn how they can keep themselves and the Council safe from cyberattacks.
As we did last year, Council staff and staff from CGI, the Council’s ICT provider, will aim to increase awareness of Cyber Security threats within the workplace and personal lives. A joint team will hold drop-in events over lunchtime at various Council venues to talk to staff about Cyber threats and how to avoid them, and to demonstrate some simple tools to check how “Cyber Savvy” staff are.
Cyber awareness is not restricted to just the workplace, and we should be just as careful at home and apply similar levels of caution when opening e-mails or interacting with others on Social Media. For example, we need to be aware of the potential unintended consequences that sharing information, such as our e-mail address, can have both in a professional and social context. If you share your e-mail address when you sign up to a website, how can you be sure that the site is secure and genuine, and how do you know what the organisation that runs the website will do with your information?
Staff who drop by will be shown the “Haveibeenpwned” tool (https://haveibeenpwned.com/), which is a free website where people can input their e-mail address to identify if it has been leaked in a data breach elsewhere on the internet. Once your address has been leaked, malicious actors can then use this to target you in, for example, an e-mail Phishing campaign. Their motive may be to gain access to your PC or Corporate Network, induce you to take action which results in financial loss, or to direct you to a malicious site to download a virus, malware or, ransomware. Last year, it was encouraging to see a number of visitors to our stand questioning whether the Haveibeenpwnd tool retains their email addresses upon checking, which of course, it doesn’t.
New for this year, staff will also be asked to participate in “The Weakest Link”, an interactive tool where they will be taken through various scenarios aimed at testing their knowledge on potential security breaches and to help Staff identify what a Phishing e-mail looks like and what to look out for, staff can take an E-mail Phishing test. The test will take staff through a variety of different e-mails and after each, the staff member will be told whether the e-mail was legitimate or phishing and what they should look for each time.
We will also be offering staff the chance to take part again in our cyber themed “fairground” activities including hook-a-fish, guess the number of cookies in a jar and tombola, all of which proved an enormous hit with staff last year.
Our resident mannequin “Jo” who pops up in various guises, will again be disguised as a cyberman attempting to break through a (fire)wall – Jo served as a very interesting talking point last year with staff keen to know why it was there.
We will also publish and promote a Cyber Quiz on our intranet throughout Cyber Week in order to engage staff who cannot manage to attend a lunchtime drop-in session, and there will be a prize draw at the end of the week for the entries with the most correct answers.
However it’s not just about Cyber Scotland Week itself. As a follow up, we will be offering teams an opportunity to take part in our “Cyber Escape Room” – an innovative adventure where staff work together to foil an imminent cyberattack by following clues and solving puzzles, each one reinforcing an important aspect of information security.
Gordon Laird, Governance Manager Information, Glasgow City Council
John Bruce, Chief Information Security Officer, CGI