Reporting fraud and what to do if you've been hacked

You should take steps to protect your business if your website or networks have been:

• hacked
• infected by malware

You can find guidance on the National Cyber Security Centre website about planning your response to a hacking or malware incident, if you're a:

• smaller business
• larger business
• board member

Passwords

If you, or a member of your staff, think their password has been hacked, you should change the password immediately and report this to your IT department.

If the password is for a bank account, you should contact the bank straight away.

Networks and websites

You can find advice on what to do if your business is hacked on the Cisco blog.

Reporting

You can report fraud or online crime, involving any incidents of hacking or malware to Police Scotland:

• by telephone 999 (emergency) 101 (non-emergency)
• in person at any police station

You might also need to get in touch with your customers or suppliers if their data has been stolen or lost.

There are some incidents that organisations need to inform the Information Commissioner's Office (ICO) about. This includes a personal data breach under GDPR or Data Protection Act 2018.

A personal data breach is a breach of security that means personal data is accidentally or unlawfully:

• destroyed
• lost
• changed
• disclosed
• accessed

The ICO website has an assessment that can help you find out if you need to report to the ICO.

Cyber-security Information Sharing Partnership

The Cyber-security Information Sharing Partnership allows businesses to share information about online threats.

It's run by businesses and the UK Government.

You can find more information about joining on the National Cyber Security Centre website.