WIREDGOV

The NCSC Small Business Guide has been revamped for 2020 as well as the response and recovery guidance.

• The NCSC’s ‘Small Business Guide’ sets out key areas for business cyber security
• Timely revamp will help organisations now operating online due to coronavirus
• Latest in a raft of measures from the NCSC, a part of GCHQ, to help small businesses thrive online

Small businesses will benefit from a revamped version of a popular guide telling them how to stay safe online that was published yesterday by cyber experts.

The National Cyber Security Centre’s (NCSC) re-launched Small Business Guide sets out five key areas for businesses to help improve their cyber security.

The new-look guidance arrives at a time when many organisations have moved their operations online due to the coronavirus pandemic. It highlights accessible and actionable steps to take which have little to no cost.

The five steps in the Guide, the original version of which was published in 2017, include advice on protecting passwords and avoiding email phishing attacks.

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, yesterday said:

“Cyber security can seem overwhelming for some small business owners, but it’s never been more important to ensure that measures are in place to protect against online threats.

“That’s why the re-launch of our Small Business Guide is so timely, and I would strongly encourage businesses to consult it, whether they have previously done so or not.

“By acting on the guide’s five key recommendations, small businesses can significantly reduce their chances of falling victim to a cyber attack and help to keep their day-to-day operations running smoothly.”

The five recommended areas of focus are:

1. Backing up your data: Top tips include keeping a back-up of data separate, reading our Cloud Security guidance, and backing up regularly.
2. Protecting from malware: Top tips include switching on firewalls, preventing staff downloading dodgy apps, and controlling how USBs can be used.
3. Keeping your smartphones (and tablets) safe: Top tips include making sure devices can be wiped remotely, not connecting to unknown Wi-Fi networks and keeping device software up-to-date.
4. Using passwords to protect your data: Top tips include avoiding predictable passwords, using two-factor authentication, and changing default passwords.
5. Avoid phishing attacks: Top tips include checking for obvious signs of phishing, reporting all attacks, and testing resilience using our Exercise in a Box tool

Earlier this year, a survey by the Department for Digital, Culture, Media and Sport (DCMS) found around half of micro and small businesses (52%) reported falling victim to a cyber security breach or cyber attack in the past year. The average cost to these businesses was nearly £1,000 – rising to more than £3,000 for some.

The Small Business Guide is part of a collection of NCSC guidance which has been reviewed and refreshed to offer up-to-date tips on implementing key security controls.

This includes the Small Business Guide: ‘Actions’ resource, which breaks down the recommendations into individual steps, and our Response and Recovery guidance which outlines how to prepare, manage, resolve and report an incident if one does occur.

The NCSC has published tailored advice and guidance to support all organisations, including how they can securely move their physical operations online and safely scale-up home working.