National Cyber Security Centre
Small businesses given support to bounce back from cyber attacks
The NCSC has published guidance for small businesses looking to prepare their response to and plan their recovery from a cyber incident.
- Response and Recovery guide offers a 5-point plan to help get businesses back on their feet after an incident
- Guidance follows the journey from preparing for an attack to learning lessons in the event that one happens
- It is the latest in a range of products and services to help small businesses build their cyber security resilience
UK small businesses will be helped to recover quickly from cyber attacks thanks to expert advice published by the National Cyber Security Centre (NCSC).
The ‘Response and Recovery Small Business Guide’ sets out a 5-point plan of practical advice from the point of preparing for an incident through to the stage of learning lessons from it.
It follows the publication in 2017 of the NCSC Small Business Guide, which provided help for business to protect themselves from cyber crime. Currently there is around a one in three chance that UK businesses will experience a cyber breach.
The latest guidance looks at continuity planning in the event that a business does fall victim to cyber crime, and follows feedback from businesses keen to ensure they are up and running as soon as possible after an attack.
The NCSC is committed to helping make the UK the safest place to live and do business online, and the new guidance is the latest in a range of products and services to help small businesses build their cyber security resilience. This includes Exercise in a Box, the digital toolkit recently launched to help small businesses and local authorities test their preparedness for a cyber attack.
Clare Gardiner, NCSC Director of Engagement, yesterday said:
“While it is vital that small businesses protect themselves from cyber crime, it is equally important that they know the steps to take if they do fall victim to an attack.
“We understand that it can be difficult for businesses to know where to start in the event of an attack, and the NCSC’s Response and Recovery Guide is designed to help them through the process from those crucial early preparation stages through to the lessons learned review.
“We would encourage all small businesses to familiarise themselves with this guidance so that any impact on their time, finances and reputation can be kept to a minimum.”
The Response and Recovery guidance maps out a response to an attack over the following stages:
- Preparation for incidents
- Identifying what’s happening
- Resolving the incident
- Reporting the incident to wider stakeholders
- Learning from the incident
A range of practical advice is included under these headings, including: identifying critical systems and assets, making an incident plan, analysing antivirus/audit logs to help identify the cause of the incident, and reviewing incident plans to reflect lessons learned.
The guidance was produced in response to a range of questions from small businesses following the publication of the Small Business Guide, such as how they should react to an incident and how they get back to business as usual.
It will form part of the Small Business Guide portfolio of products, alongside the original guide and the recently published actions list. We aim to create a pathway of products and services to help small businesses build their cyber security resilience and develop their maturity.
Latest News from
National Cyber Security Centre
NCSC supports Northern Ireland’s push to strengthen cyber security capabilities19/02/2020 12:05:00
The Northern Ireland Cyber Security Centre is open and will work closely with the NCSC going forward.
Girlguiding take on cyber security challenges19/02/2020 10:15:00
The NCSC partners with Girlguiding South West England, as part of the drive to increase female representation in cyber security.
Advisory: Trickbot17/02/2020 10:10:00
How organisations can protect their networks from the ‘Trickbot’ banking trojan.
Schoolgirls across the UK show their cyber skills12/02/2020 16:15:00
Hundreds demonstrated their cyber security know-how during the co-ordinated series of competitions across the UK.
Development days open for CyberFirst Girls12/02/2020 10:43:00
Girls that entered the 2019 and 2020 CyberFirst Girls Competitions are now eligible to attend free Development Days across the UK.
CyberFirst Girls Competition – regional finals this Saturday07/02/2020 15:43:00
Across 18 UK venues, schoolgirls will be taking part in the Girls Competition semi-finals this weekend.
Launch of major survey on diversity in the UK cyber sector03/02/2020 09:15:00
A survey has been launched to help improve diversity in the cyber security industry.
Alert: Actors exploiting Citrix products vulnerability29/01/2020 17:08:00
An NCSC alert detailing the investigation into the exploitation of a critical vulnerability in Citrix products.
New plans to safeguard country’s telecoms network and pave way for fast, reliable and secure connectivity28/01/2020 16:15:00
NEW restrictions should be placed on the use of high risk vendors in the UK’s 5G and gigabit-capable networks, the government has announced at the conclusion of its Telecoms Supply Chain Review.