The Embed pathway is for anyone who is responsible for managing or supporting others (e.g. supervisors, team leaders, first level managers), or anyone aspiring to develop their knowledge beyond the Explore pathway. This pathway builds on the themes introduced in Explore.
| Read |
In 2021, the Scottish Government published a framework to help ensure Scotland is digitally secure and cyber resilient. The framework outlines four outcomes that it is useful to be aware of: 1. People recognise the cyber risks and are well prepared to manage them 2. Businesses and organisations recognise the cyber risks and are well prepared to manage them 3. Digital public services are secure and cyber resilient 4. National cyber incident response arrangements are effective Use the link below to have a look at the full framework and find out more about the outcomes and how they will be achieved: Link: The Strategic Framework for a Cyber Resilient Scotland |
| Question |
The framework stresses the importance of people being able to identify and manage cyber risks.
|
| Task |
| Find out what help and training is available across your organisation to support staff to build their cyber security knowledge, and ensure that your colleagues are aware of this. |
| Read |
The Information Commissioner's Office (ICO) is the UK's independent authority responsible for upholding information rights in the public interest and promoting data privacy for individuals, acting as a regulator for data protection and information rights law. This page on their website contains practical tips for ensuring cyber safety in the workplace. Link: 11 practical ways to keep your IT systems safe and secure |
| Question |
Reflecting on the ICO's advice, do you think you and your colleagues are cyber safe at work? Is there more that you could do to implement the guidance? |
| Question |
| Why do you think health and social care services are targeted by cyber attackers? |
| Read |
This information from the World Health Organisation (WHO) looks specifically at cyber security across health and social care services: |
| Reflect |
| The WHO information explains how cyber attacks can impact those who use services in a number of ways, one of which is through the locking of access to critical systems. Thinking about the systems you use within your role, how would blocked access to these affect those you support and your wider organisation? |
| Read |
One of the best ways to prepare for and protect against cyber attacks is to learn from incidents that have occurred before. It’s essential that cyber threats are analysed to spot patterns and identify the attack methods that are being used repeatedly across health and social care services. Despite this, there can still be a reluctance to openly share what went wrong when attacks have happened. This article delves into why this is the case, and what we can do to support a culture of sharing and learning: Link: Why are we so afraid to talk about cyber attacks? - Digital Care Hub |
| Question |
| The article stresses the importance of learning from cyber incidents, rather than placing blame or highlighting negligence. What can you do to create a culture in which those around you feel confident to openly talk about instances where cyber security has been compromised? How can you encourage your colleagues to share their experiences and lessons learnt? |
| Overview |
| Cyber criminals use a range of techniques to trick people into revealing sensitive information, downloading malicious software or giving access to systems. These attacks often rely on social engineering, where attackers manipulate trust, urgency or fear rather than exploiting technical weaknesses. |
| Examples |
Two common examples are: Phishing - scam emails or text messages designed to persuade you to click a link, open an attachment or provide personal information. Vishing (Voice Phishing) - scam phone calls or voice messages where criminals impersonate trusted organisations such as banks, IT support teams or government bodies. They may ask you to confirm personal details, share security codes, transfer money or provide access to systems. |
| Remember |
As cyber criminals increasingly use AI to create convincing and personalised communications, it can become more difficult to distinguish genuine contact from a scam. Remember: If something feels suspicious, pause and verify it independently. Never share sensitive information, passwords or security codes unless you are certain of who you are speaking to. |
| Quiz |
Work through this short quiz where you’ll be asked to determine whether email messages are genuine or attempts at phishing. Be sure to note down any advice and tips as you work through the questions: Link: Jigsaw | Phishing Quiz |
You can register to receive our monthly Digital Workforce Update. This will keep you informed when pathway content is updated or new resources are added. You will also receive details of events, news, opportunities and updates from our wider national resources and learning networks.
To share any comments or questions you have about the pathway, please use this Feedback Form. You can also let us know if any of the links aren’t working, or the resources aren’t available.