The NCSC (National Cyber Security Centre) guidance on cybersecurity is an essential element of protecting data.
Many businesses have sought certification under the Cyber Essentials scheme. The scheme has the additional benefit of demonstrating to clients (or prospective clients) that you take the protection of their data seriously.
The Small Business Guide has the following sections, each with five areas to consider and tips:
backing up your data
protecting your organisation from malware
keeping your smartphones (and tablets) safe
using passwords to protect your data
avoiding phishing attacks.
The specific guidance on phishing, an area where we have seen a dramatic increase over the last 12 months, is aimed at organisations of all sizes, in all sectors.
The NCSC states that the guidance issued is not a set of hard rules but is ‘the starting point to help you decide your approach’. However, it also states that if ‘you can't implement all of our recommendations, try to address at least some of the mitigations from within each of the layers of defence …. As a result, you'll be in a much better place to minimise the damage from those phishing attacks that do get through.’
The guidance splits the mitigations into the following four layers to help build defences for a business, which would be useful when pulling together a business’s cyber policy:
make it difficult for attackers to reach your users
help users identify and report suspected phishing emails
protect your organisation from the effects of undetected phishing emails
respond quickly to incidents.
Under each of the headings the problem/issue is stated and the guidance explains how this can be resolved.