Reporting fraud and what to do if you've been hacked
You should take steps to protect your business if your website or networks have been:
- hacked
- infected by malware
You can find guidance on the National Cyber Security Centre website about planning your response to a hacking or malware incident, if you're a:
- smaller business
- larger business
- board member
Passwords
If you, or a member of your staff, think their password has been hacked, you should change the password immediately and report this to your IT department.
If the password is for a bank account, you should contact the bank straight away.
Networks and websites
You can find advice on what to do if your business is hacked on the Cisco blog.
Reporting
You can report fraud or online crime, involving any incidents of hacking or malware to Police Scotland:
- by telephone 999 (emergency) 101 (non-emergency)
- in person at any police station
You might also need to get in touch with your customers or suppliers if their data has been stolen or lost.
There are some incidents that organisations need to inform the Information Commissioner's Office (ICO) about. This includes a personal data breach under GDPR or Data Protection Act 2018.
A personal data breach is a breach of security that means personal data is accidentally or unlawfully:
- destroyed
- lost
- changed
- disclosed
- accessed
The ICO website has an assessment that can help you find out if you need to report to the ICO.
Cyber-security Information Sharing Partnership
The Cyber-security Information Sharing Partnership allows businesses to share information about online threats.
It's run by businesses and the UK Government.
You can find more information about joining on the National Cyber Security Centre website.
There is a problem
Thanks for your feedback