10 cyber security tips to protect your business online

The latest UK government survey shows that cyber security breaches and attacks remain a common threat to businesses.

Overall, a third of businesses (32%) and a quarter of charities (24%) surveyed report having experienced some kind of cyber security breach or attack in the last 12 months. Medium and large organisations seem to be at greater risk, but no business is immune regardless of size or industry.

It's important that all businesses take steps to protect themselves and their organisation online.

The National Cyber Security Centre (NCSC) has outlined top tips for staying safe online:

  1. Make regular backups of your key systems and data. Keep copies securely off-site and check that they work.
  2. Apply any new security patches for your operating system, web browser and all other software on your devices to keep them secure. In many cases, you can set the software to auto-update itself or download the software patches manually.
  3. Install and regularly update anti-virus and anti-malware software on all your devices.
  4. Use strong passwords and change them regularly. Also, consider using two-factor authentication for added security.
  5. Use different passwords for different websites/services or consider using a reputable password management tool.
  6. Encrypt any sensitive data and do not send passwords or other sensitive data via email unencrypted.
  7. To protect against phishing or ransomware, be cautious of clicking on links sent to you within emails, social media websites/apps or unfamiliar websites.
  8. Use a firewall and check that your internet router/firewall has the latest firmware installed.
  9. If you operate a Wi-Fi network, make sure it is encrypted (eg WPA2) and regularly change the Wi-Fi password.
  10. Use a VPN (a virtual private network) if you are accessing your systems over public Wi-Fi or an outside network such as any mobile data, home or offsite internet connection.

See other common cyber security measures and best practices for cyber security in business; these will help you further increase the resilience of your business.

You can also use the NCSC's free Check your cyber security service to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.

The NCSC also offers a free Cyber Action Plan. By answering a few simple questions, you can get a free personalised action plan that lists what you or your organisation can do right now to protect against cyber attacks.

Actions to take in times of increased cyber threat

In response to recent malicious cyber incidents in and around Ukraine, the NCSC has updated its guidance on actions to take when the cyber threat is heightened.

The guidance urges organisations to go beyond the basic steps to reduce the risk of experiencing an attack. Businesses should not delay:

  • patching their systems
  • improving access controls and enabling multi-factor authentication
  • implementing an effective incident response plan
  • checking that backup and restore mechanisms are working
  • ensuring that online defences are working as expected

Businesses are also advised to keep up to date with the latest threat information. You can register for the NCSC's Early Warning service to learn about malicious activity potentially affecting your network. If you do experience a cyber attack, you should report the incident to the NCSC's 24/7 Incident Management team.