Cyber Security for Small to Medium Businesses

21 Feb 2018

In January 2017 ENTRUST published a news item to brief Environmental Bodies (EBs) on cyber security and the National Cyber Security Centre (NCSC).

Cyber security is a critical issue in the 21st Century, whether operating in the public or private sector. Cyber security encompasses the protection of computer or Information Systems (IS) from accidental or intentional malevolent attack.

A strong cyber security policy is designed to protect the organisation from theft or property (either hardware or software), the theft of data and information held on systems. It should also minimise the potential harm from individuals intent on causing disruption of services, such as the introduction of viruses to the system. Finally, it endeavours to ensure clear, secure procedures which individuals employed by the company should use to prevent attack or loss of data or hardware.

In October 2017 the NCSC released a new guidance document called 'Cyber Security: Small Business Guide'. Following on from the NCSC's '10 Steps to Cyber Security' document which we shared with EBs last year. This new document has been produced to help small businesses protect themselves and improve cyber security within their company.

The NCSC advise that:

"If you're a small or medium-sized enterprise (SME) then there's around a 1 in 2 chance that you'll experience a cyber security breach."

The document 'Cyber Security: Small Business Guide' is available on the right hand side of this page* or you can follow this link to access the online guidance and a series of videos that introduce the NCSC's guidance for small businesses. The document covers:

  • Backing up your data;
  • Protecting your organisation from malware;
  • Keeping smartphones and tablets safe;
  • Using passwords to protect data; and
  • Avoiding phishing attacks.

The NCSC also recommend that if you wish to further improve your cyber security you can seek certification under the Cyber Essentials scheme. ENTRUST became certified under the Cyber Essentials scheme in September 2016. You can find out more about the scheme here.

ENTRUST would encourage EBs to review NCSC's guidance, which will help to mitigate the risk of a cyber attack on your organisation.

The NCSC was set up in October 2016 and provides advice, guidance and support on cyber security. It brings together expertise from Communications-Electronics Security Group (CESG) which is the information assurance arm of the Government Communications Headquarters (GCHQ), the Centre for Cyber Assessment, the UK National Computer Emergency Response Team (CERT-UK) and the Centre for the Protection of National Infrastructure. The NCSC also works collaboratively with other law enforcement, defence, the UK's intelligence and security agencies and international partners.

* Contains public sector information licensed under the Open Government Licence v3.0.