Following the Russian invasion of Ukraine, the UK’s National Cyber Security Centre (NCSC) is calling on all UK businesses to improve their cyber security posture.
NSCS are currently unaware of any direct threats to the UK’s businesses; however, historical patterns of cyber-attacks have had repercussions that have occurred on an international level. This is also backed up by previous evidence of Russia favouring cyber-attacks to disrupt businesses in other countries.
Unfortunately, cyber-attacks cannot be prevented or avoided. However, there are multiple ways you can reduce vulnerability and recover your data if the worst was to occur.
Here are the 11 tips that the NCSC advise for UK businesses to follow:
System Patching
Verify access controls
Ensure defences are working
Logging & monitoring
Review backups
Incident plan
Check internet footprint
Phishing response
Third-party Access
NCSC services
Brief wider communication
This may seem daunting, and because of that, we have decided to make things easier by picking out the six most recommended points to help you secure your business as well as customers and employees.
Independent Cyber Security Assessments
The first recommendation is to make sure your business undergoes an independent cyber security assessment; this is to ensure that you have the basic protection available in place to help improve your cyber security. For anyone who is just beginning to work on cyber security for their business, we recommend using Cyber Essentials Scheme.
System patching
Our second recommendation is to patch all systems such as servers, computers, laptops, networking equipment and even your mobile phones. These all need to be as up to date as possible so that any bugs or issues have been fixed to reduce any risk of older updates having loopholes that could allow a security breach by an attack.
Access control
This recommendation is all about passwords. Any weaker password or old password must be updated to be more complex and stronger. Wherever possible multi-factor authentication or ‘two-step’ authentication should be put in place to add a second layer of protection against anyone trying to hack in or login that shouldn’t be. For guidance on passwords, there is a video available on the YouTube channel and a blog here on our website. This also means that you should not be sharing your passwords with anyone other than yourself, as it increases the risk of breaches in security.
Security Software
Every device that is involved with your business must be protected with solid security software. This will again add another defence against cyber-attacks. This also includes any firewalls in your business to be tied down and secured. Our recommendation for Security software is Sofos intercept advance.
Phishing emails
Unfortunately, phishing emails are a very common type of cyber-attack; this means we need to be able to spot these emails and know how to deal with them if we do receive them. There are multiple videos on our YouTube to help educate people on these emails, and now it is even more important to learn about them as there has been an increase in the number of these emails recently. Although we cannot prevent ourselves and business accounts from receiving these emails, we can train ourselves and staff on what to look for as part of cyber security training that is more important now than ever.
Backup
Finally, the best way to be able to ensure that you can recover from a cyber-attack is to back your data and software up. Servers should be backed up if you have any and if not, make sure that you have a third party back up instead, preferably on Microsoft 365.
Those are our six main tips on how to help strengthen and protect your business from a cyber-attack. The UK is under heightened alert, which means we need to act now and protect ourselves and businesses from any sign of threat and cyber-attacks.