NCSC Publishes Practical Security Guidance For SMBs

Written by

A leading UK security agency has today published a new guide for small and medium-sized businesses (SMBs) designed to help reduce the potential impact of cyber-attacks when using online services.

The National Cyber Security Centre (NCSC) said its Using online services safely guide is specifically aimed at organizations that may not have access to dedicated IT and support staff.

“This is specifically written for small and medium sized enterprises (SMEs), who may be overwhelmed by our existing cloud security guidance (which is aimed squarely at IT professionals and contains a lot more technical details),” wrote Amelia H of the NCSC’s Economy and Society team.

“Our new guidance will help SMEs use online services more securely, so that they’re less likely to be the victim of a cyber-attack.”

Read more on SME security: Over Half of SMEs Have Experienced a Cybersecurity Breach

Smaller organizations are increasingly dependent on cloud or online services, especially as many staff now work from home part or all of the time following the pandemic.

“Many SMEs already rely on online services for day-to-day tasks, even if they’re not aware of it. This includes email and instant message communications, cloud storage, website/shop hosting, online accounting and invoicing, or simply using social media to engage with customers,” argued Amelia H.

“How long could your business operate without these critical functions if you couldn’t log onto your computers as a result of (for example) a ransomware attack? Or if you were locked out of an online account?”

The guide contains 10 pages of simple, practical advice, ranging from choosing the right service and backing up data to domain name security, creating and securing user/admin accounts and defending them from malware. There’s also guidance on how to use the built-in security features of popular cloud services and recover a hacked account or service following an attack.

According to a government report, from April 2023, a third (32%) of UK businesses suffered a security breach or cyber-attack in the previous 12 months, rising to 59% of medium businesses.

What’s hot on Infosecurity Magazine?