NCSC relaunches SME security guide with home working focus

The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020

Small and medium-sized enterprises (SMEs) that have pivoted to full or partial remote working during the Covid-19 pandemic can now access revised cyber security guidance from the National Cyber Security Centre (NCSC) with the launch of its revamped Small Business Guide.

The new guide, which was first published in 2017, can be accessed via the NCSC’s website and lays out five low-cost and easily actionable steps SMEs can take to shore up their security posture, including guidance on protecting passwords and avoiding email phishing attacks.

Figures compiled via the Department for Digital, Culture, Media and Sport (DCMS) show that around 52% of small and micro businesses fell victim to some form of cyber attack in the past year, with the average cost of rectifying an incident coming in at about £1,000, and as high as £3,000, a non-trivial amount for many of the UK’s smallest firms.

“Cyber security can seem overwhelming for some small business owners, but it’s never been more important to ensure that measures are in place to protect against online threats,” said Sarah Lyons, deputy director for economy and society engagement at the NCSC.

“That’s why the re-launch of our Small Business Guide is so timely, and I would strongly encourage businesses to consult it, whether they have previously done so or not,” said Lyons.

“By acting on the guide’s five key recommendations, small businesses can significantly reduce their chances of falling victim to a cyber attack and help to keep their day-to-day operations running smoothly,” she added.

The five core areas SMEs should be focusing on, according to the NCSC, are:

  1. Backing up data regularly and keeping backed up files separate;
  2. Warding off malware by turning on firewalls, stopping staff from downloading things they should not, and restricting the use of USB sticks;
  3. Keeping mobile devices safe by activating options that allow them to be wiped remotely, keeping them patched and up to date, and not connecting them to unknown networks;
  4. Practising good password hygiene, avoiding predictable or easy-to-guess passwords, changing defaults, and using two-factor authentication where possible;
  5. Educating yourself on how to spot phishing attacks and testing resilience using the NCSC’s Exercise in a Box.

Besides refreshing its Small Business Guide, the NCSC has also reviewed and updated resources designed to help SMEs implement its recommendations, and its guidance on response and recovery, which sets out what SMEs can do to prepare for a security incident, and manage, resolve and report one should it occur.
