Cyber-attacks a top concern for over a third of UK small businesses

The news comes as the National Cyber Security Centre (NCSC) warns UK businesses to bolster their protection measures in response to increased risk of malicious cyber-incidents linked to Russia-Ukraine tensions. 

Zoe Knight, Commercial Insurance Specialist at NFU Mutual, said: “While the national alert sees concern and guidance geared at larger businesses, smaller businesses should not take this as a cue to disregard potential dangers. The ongoing threat of cyber-attack is so prevailing that all businesses need a well-understood cyber strategy to avoid falling victim. We are concerned that many smaller firms, who are less likely to have a response plan in place, are leaving themselves vulnerable.

“Cyber-attacks on small businesses can have wide-ranging and wide-reaching impacts. Laptops and PCs may be locked for days, weeks or months, and core business data can be inaccessible, encrypted or erased. The result can be the loss of reputation, trust and custom, while the business still incurs the full costs of operating- something which no small business can sustain for long.”

NFU Mutual has partnered with business continuity experts Inoni to produce a range of free tools to help make sure businesses are prepared should the worst happen. The toolkit, which includes cyber-security guidance, has been created specifically for small businesses. The resources offer support with assessing current business resilience and identifying possible areas for action. Free downloadable continuity plan templates and a series of articles highlighting key risks and mitigating actions are also provided.

Zoe added: “It is essential for small businesses to assess their cyber security, the protection measures they have in place and their continuity plans should an attack take place. With cyber-attacks growing in both sophistication and frequency, we want to help businesses understand the dangers, and be prepared to react quickly in the event of an incident.

“The least-well-defended businesses often become the top targets, simply because they take less time and effort to exploit. However, even the most secure systems can get hacked if the potential reward is big enough, whether that’s money, notoriety, information or malicious intent. Businesses should consider both an in-house technical specialist and cyber insurance to give themselves maximum protection both before and in the event of an incident.”

NFU Mutual and Inoni have shared the following initial steps for cyber-security protection:

• Draw up an information security strategy and policy
• Identify all the electronic information that is essential to keep your business running
• Train staff in information security principles and practices
• Run the latest security software, browser versions and operating systems on all devices
• Install and maintain effective firewalls, including home user devices
• Control physical access to all your computers and devices
• Prevent and prohibit all forms of shared access
• Make sure Wi-Fi networks are password-secure and encrypted
• Fully apply best practices on accepting payments by cards and keeping payment card data
• Control employee access to data on a strict need-to-know basis
• Restrict authority to install software on company devices
• Take backups daily or weekly and check you can restore them.

The NCSC identifies steps for responding to and recovering from a cyber incident:

• Learn to identify warning signs, such as slow systems, strange emails or unusual activity
• Analyse what’s happening and assess the potential impact, and isolate affected devices
• Run antivirus on the affected devices, and seek online clues and advice
• Depending on the type of incident, the person responsible for the IT management of your business should then:
• Replace or re-image (clean) affected hardware
• Restore and rebuild from backups
• Apply patching (repair) software, where available
• Change all potentially compromised passwords on all devices