Greater reliance on digital technology has increased the impact of breaches and the shift to homeworking and the use of collaboration tools has opened up new vulnerabilities. Attackers have also been keen to exploit the changing circumstances and there have been reported rises in phishing and ransomware attacks, in particular.
However, SMEs have been hard to reach and help with cybersecurity support. The ‘SME’ definition covers a huge range of organisations and makes up 99% of all business in the UK. Often SMEs do not have the budget of large organisations to spend on cybersecurity. They can lack skills and knowledge around what can be seen as a technical topic and often don't know where to start with good cybersecurity practices.
As a result, the UK National Cyber Security Centre (NCSC) has developed some resources aimed specifically at SME, microbusiness and sole practitioners. These are all freely available from the NCSC website.
Cyber Coffee Workshop
First, the NCSC has launched a new newsletter aimed specifically at SMEs, which will provide them with regular tips and updates on cybersecurity. NCSC wants to arm small businesses with the advice and tools to minimise the risk of a cyber-attack. Each month will cover a different topic and will offer advice and links to further information.
You sign up using the link here. The NCSC has also called for topic suggestions on what businesses would like covered in upcoming issues.
Cyber awareness for microbusinesses and sole practitioners
This newsletter comes on top of a new Cyber Awareness campaign that targets microbusinesses and sole practitioners. The campaign focuses on six tips that will help such organisations improve their cyber defences against phishing, ransomware, and other cyber-attacks. It also provides a self-assessment tool that provides tailored advice. The NCSC outlined the campaign in more detail in this article for ICAEW members.
Small Business Guide: Cyber Security
This guide was updated in 2020 and provides more detailed advice on the key topics which SMEs should focus on – backups, malware, devices, passwords and phishing attacks. Evidence over the years has shown that most attacks can be prevented, or the effects mitigated, by having good 'cyber hygiene' in place. Therefore, while SMEs can feel overwhelmed by the topic, implementing these kinds of basic measures can make a real difference to their security in practice. The guide can be found here.
Kirstin Gillon, Tech Faculty manager, said: "We know that it can be really difficult for very small businesses to know where to start with developing good cyber hygiene. We really welcome the very practical and simple steps that the NCSC is highlighting and hope that members make full use of all the available resources."
ICAEW Know-How from the Tech Faculty
This guidance is created by the Tech Faculty & recognised internationally as a leading authority on technology and the digital economy. The Faculty draws on expertise from the accountancy profession, tech industry and others to influence and inform government and international bodies.