A new IT security training workshop will give organisations the tools to protect themselves against the reputational risk associated with data leaks.

‘Sensitive Data Leaks’ is a scenario facilitated by the Scottish Business Resilience Centre (SBRC) as part of the National Cyber Security Centre’s (NCSC) ‘Exercise in a Box’ programme. 

The free-to-attend workshop – virtually or in person in Glasgow, Edinburgh, Aberdeen and Dundee – will explore how organisations should handle a threat as a result of a data leak.

This includes securely offboarding an unhappy employee and the steps that should be taken when escalating a security incident internally. The workshop will also include guidance on what (if any) legal action may be needed following such an incident.

Sensitive Data Leaks’ is the fifth scenario that the SBRC has brought to Scotland as part of Exercise in a Box, alongside ‘Working from Home’, ‘Digital Supply Chain’, ‘Ransomware’ and ‘Micro Exercises’.

Jude McCorry, CEO of the SBRC, said: “Data leaks can be a significant threat for organisations – particularly if they come from a disgruntled employee, who might have insider information on how to access sensitive files. As so many organisations operate online, nearly every company will hold personal or sensitive data that must be kept safe.

“No business is immune to the threat of a cyber attack; Exercise in a Box workshops are designed to give organisations the support needed to start their cyber journey in a safe environment. We have seen a huge demand for these free sessions and encourage all organisations to take every available step to prevent or limit the fallout of a cyber attack.”

Steve O, Head of Cyber Exercising and Exercise in a Box Service Owner, NCSC, said: “Exercise in a Box provides crucial support to organisations across the globe, encompassing a number of challenging exercises for organisations to practice their response to a cyber incident in a safe and private environment.

“Using the Sensitive Data Leak scenario from the Exercise in a Box toolkit, SBRC’s team of Ethical Hackers will challenge your data protection policies and processes in a discussion based exercise aimed at improving your organisation’s resilience to extortion and sensitive data leaks.

“The support provided by the Scottish Government to the Scottish Business Resilience Centre to successfully run Exercise in a Box workshops across Scotland is commendable and I strongly recommend all organisations to consider taking it up and strengthen their cyber defences.”

The workshop is being launched at a time when 39 per cent of businesses have reported falling victim to a cyberattack according to the UK government’s Cyber Security Breaches Survey.

The SBRC has so far delivered over 100 sessions to over 550 businesses since bringing the workshop series to Scotland in 2020. In August, the organisation was awarded the contract by the Scottish Government to extend Exercise in a Box for a third year.

The first Sensitive Data Leaks session will be held online on November 10, further details on this session are available on the SBRC website here. Details on all Exercise in a Box workshops, are available on the SBRC website here.

As part of the 10th European Cyber Security month, the SBRC in collaboration with the NCSC have launched an introduction to Exercise in a Box video, which can be found here.