NCSC gives expert advice to small business recovering from cyber crime
The National Cyber Security Centre has published expert advice to help small business recover quickly from cyber attacks.
The NCSC's ‘Response and Recovery Small Business Guide’ sets out a five-point plan of practical advice for small businesses looking to protect themselves from the threat of cyber crime.
According to the NCSC, currently there is around a one in three chance that UK businesses will experience a cyber breach.
The centre's latest guidance looks at continuity planning in the event that a business does fall victim to cyber crime, and follows feedback from businesses keen to ensure they are up and running as soon as possible after an attack.
"The NCSC is committed to helping make the UK the safest place to live and do business online, and the new guidance is the latest in a range of products and services to help small businesses build their cyber security resilience," it said in a statement.
As part of its focus on the UK's small business community, the NCSC has also launched Exercise in a Box, a digital toolkit enabling small businesses and local authorities to test their preparedness for a cyber attack.
“While it is vital that small businesses protect themselves from cyber crime, it is equally important that they know the steps to take if they do fall victim to an attack," said Clare Gardiner, NCSC director of engagement.
“We would encourage all small businesses to familiarise themselves with this guidance so that any impact on their time, finances and reputation can be kept to a minimum.”
The Response and Recovery guidance maps out a response to an attack over the following stages:
- Preparation for incidents;
- Identifying what’s happening;
- Resolving the incident;
- Reporting the incident to wider stakeholders; and
- Learning from the incident.
A range of practical advice is included under these headings, including: identifying critical systems and assets, making an incident plan, analysing antivirus/audit logs to help identify the cause of the incident, and reviewing incident plans to reflect lessons learned.