Cyber-attacks are on the rise, and smaller businesses are not exempt. Have you ever fallen victim to an online scam or cyber-attack, or worried that you might?

If so, the National Cyber Security Centre (NCSC) has a collection of resources that may be useful. The guidance is divided into six key areas and offers clear, practical steps you can take. Here’s an overview.

Phishing

Phishing occurs when you receive a suspicious message, usually containing a link designed to trick you into handing over personal information.

NCSC advises against clicking on such links or entering any details. However, if you have already done so, there are still important actions you should take, including:

  • Contacting your bank if banking details were shared.

  • Running antivirus software.

  • Changing your passwords.

  • Reporting the incident.

Business payment fraud

Fraudsters may send emails that appear to come from genuine contacts. These can be used to deceive you into paying a fake invoice containing a virus or to update bank account details to those controlled by criminals.

If this happens, NCSC recommends staying calm and contacting your bank immediately—making sure you use their official website or telephone number.

Hacked accounts

If you lose access to an online account or spot unusual activity, NCSC provides a helpful checklist of steps you can follow to secure your account and limit any damage.

Ransomware attack

Ransomware involves criminals encrypting your device or the data stored on it, then demanding a ransom in return for decryption.

The NCSC outlines practical steps you can take in this situation, as well as their position on paying the ransom and the risks that come with doing so.

Infected devices

Strange behaviour on your device could indicate it is infected with malware.

The NCSC guidance explains how to check whether your device is compromised, and the actions you should take to try to resolve the problem. They warn that data not backed up in your most recent ‘clean’ backup is likely to be lost. Attempting to recover data from an infected device could also spread the issue, even after wiping and reinstalling.

Denial of Service (DoS) attack

A DoS attack can make your website or network unreliable or completely unavailable—potentially disrupting your business operations.

NCSC offers practical advice on how to respond and steps you can take to strengthen your defences against this type of attack.

Final note

To explore the NCSC resources in full and access detailed advice, visit: https://www.ncsc.gov.uk/section/respond-recover/sole-small