UK’s National Cyber Security Centre publishes urgent guidance – here’s what it means for small businesses during the pandemic

Businesses are transitioning to full-time remote working in social distancing measures designed to slow the UK spread of Covid-19. While workers struggle with a ‘new normal’, cybercriminals are, unfortunately, doing what they always do best: capitalising on the situation. Here’s what your small business needs to know from the Coronavirus NCSC advice…

What are the biggest risks?

The shift to remote working exposes lots of businesses to cybersecurity challenges they’ve not previously had to deal with. There’s been a rise in reports of phishing, malware and ransomware attacks on small businesses as cybercriminals cash in.

The risk of devices being lost, stolen or damaged increases outside the office. Moving data around between personal and work devices, and using home wifi networks also add layers of risk.

Then there’s the stress everyone is working under. These are strange times we’re all having to adapt to. The vigilance your staff normally have might not be there now – so attacks that play on trust are gaining ground.

Lastly, there’s the risk of using new apps, browser add-ons and video chat to keep business moving, or to socialise on a work-related device. If you’re not careful, using apps – even apps registered in the App Store or Google Play – could give cybercriminals a foothold in your business.

What’s the NCSC’s advice?

The UK Government’s National Cyber Security Centre has issued urgent guidance to help prepare businesses for the surge in cybercrime. Here’s what they advise:

• Set new accounts and systems up with strong passwords, including two-factor authentication where possible.
• Provide written guidance for any new services you expect staff to use – like video conferencing, for instance. And test that software works as you’d expect before rolling it out
• Encrypt all devices with work-related data, which will protect your business if the device is lost or stolen. Encryption settings might need to be configured individually – something we can help with
• Implement remote monitoring tools, which can be used to lock access to the device, erase the data, or retrieve a backup if something goes wrong
• Make sure your staff know how to tell you if there’s a problem. That includes teaching them the common signs of a cyberattack, and good practices on keeping devices backed up and up to date. Again, we’re on hand to help with this, providing a cybersecurity training tool your staff will want to use
• Add VPN access where you can. Virtual Private Networks allow remote users to securely access your email, file storage and network services by encrypting data. If you’re already using a VPN, now’s the time to check it’s fully patched and has all the licenses and capacity needed for more users
• Put clear policies in place around using personal devices to access work data and removable storage (such as USB sticks)
• Spread the word about the latest forms of cyberattack, so your staff know what to look out for. Recently, the NCSC has seen a rise in phishing attacks (attacks via email that look trustworthy) which prey on fears around the Coronavirus

What does all this mean for your small business?

Whether or not your small business is new to remote working, it’s time to check your cybersecurity plans. Most cyberattacks are only successful because of human error, and you and your staff are probably facing stress at work and at home that will make you more vulnerable to the kinds of confidence tricks cybercriminals use. Keep cybersecurity part of the conversation – talk about the latest threats on team calls, share security alerts on Teams or Slack channels, and encourage your staff to tell you about any potential problems as early as possible. They’re your best line of defence.

We’re here, as always, to help. We can help you take your staff through simple training to strengthen their vigilance, as well as handle practical measures like upgrading system accesses to multi-factor authentication and handling VPNs and remote security monitoring. Contact us to find out more about what we’re doing to help our small business customers stay secure.