New security training for Scottish firms

Small and medium-sized businesses in Scotland are being urged to invest in new training to prevent corrupt and careless employees compromising their security.

The Scottish Business Resilience Centre (SBRC) is to deliver the first accredited training programme designed to combat the fact almost 85 per cent of all fraud is committed by past and present employees.

The first of six packages will focus on processes around individuals joining, moving or leaving organisations, such as vetting, and is to be piloted with a handful of credit unions within weeks.

Training is to be targeted at small and medium-sized enterprises (SMEs) across a range of sectors, though the SBRC has said materials can be tailored should bigger businesses express an interest.

It follows concerns expressed within Scotland’s Serious Organised Crime Taskforce that legitimate businesses are at increasingly susceptible to the so-called ‘insider threat’.

“They’re aimed fairly and squarely at the small to medium enterprise,” SBRC associate Grahame Clarke, who has been involved in devising the training, told Holyrood. 

“Big companies like Royal Bank of Scotland can protect themselves, we know they can, because they’ve got big budgets to protect themselves, they employ the very best people, the very best techniques, the very best systems. 

“But equally the risk is at any level, so it could be the small to medium enterprise who employs 16 people and very often that insider threat, somebody going in and stealing the database or copying the database of their customer client list, can be catastrophic to that enterprise.”

The six packages are:

• Joiners, movers and leavers
• Investigation and post-incident management
• Security and access controls
• Staff monitoring critical behaviours, risk identification and integrity testing
• Procurement, fraud, counterfeiting and organised crime
• Security networking, cyber impersonation and infiltration

Clarke added: “It’s about raising awareness and it’s about giving them the tools, the experience and suggestions to protect themselves. The six packages that we’ve come up with are all about providing that cost-effective short sharp awareness training to them to let them protect themselves.”

Costs will be based on the size of organisation and number of individuals signed up, though Clarke stressed “we are not talking hundreds of pounds”.

Latest estimates put the number of SMEs operating in Scotland at 332,720, accounting for 99.3 per cent of all private sector enterprises and more than half of private sector employment.