Small Business Update from the National Cyber Security Centre
SMEs - Small business guide https://www.ncsc.gov.uk/collection/small-business-guide
Microbusinesses, sole traders - Cyber Action plan https://www.ncsc.gov.uk/cyberaware/actionplan
Citizens - Cyber Aware https://www.ncsc.gov.uk/cyberaware/home
Organisations should also consider adopting Cyber Essentials to help guard against the most common cyber threats and demonstrate a commitment to cyber security.
While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences.
The guidance encourages organisations to follow actionable steps which reduce the risk of your organisation falling victim to an attack.
The security protection check list for small business includes:
* Ensuring critical assets are patched and up to date, and that appropriate compensating controls are in place where they are not
* Review account management practices, and ensure that only those who need it have admin rights to services
* Ensure antivirus protections on both servers and workstations are up to date and are being monitored
* Review firewall rules and remove/disable any redundant rules that could allow a threat actor access
* Make sure backups and recovery processes are following the backup 3-2-1 methodologies and have been tested
* Ensure all critical services are being monitored
* Update the incident response plan and test it, to ensure the organisation is prepared in the event of a security incident
* Revisit phishing awareness training, as this is a common threat route for most advanced persistent threat (APT) groups
We would also encourage you to follow the NCSC’s social media channels: LinkedIn and Twitter for further alerts and updates.
For more information about Cyber Essentials Certification, please contact your FOS.net account manager.