Skip to content
Cyber incidents continue to feature in the news headlines, with airports now joining large UK retailers and manufacturers in experiencing serious disruption to supply chains and services.
While small businesses are unlikely to grab the same headlines, the risks are just as real. For many, a serious cyber-attack could stop their business from trading altogether. That is why it is important not only to think about preventing attacks, but also how your business would recover if the worst happened.
Start with the basics
The National Cyber Security Centre (NCSC) encourages all businesses to adopt the Cyber Essentials programme. This focuses on five straightforward measures that block the majority of common attacks. They cover areas such as keeping software up to date, controlling access to your systems, and protecting your internet connection with firewalls.
These are practical steps that any small business can put in place without needing a large IT team. Some insurers and customers also now look out for Cyber Essentials certification as a reassurance that you take cyber security seriously.
Know what matters most
If your business were hit by an attack, what would you need to keep running at all costs? For some, it might be your customer database. For others, it could be your booking system, your payment processing, or even email.
By thinking this through in advance, you can:
- Identify your most important systems and data
- Decide how you would keep the business going if they were unavailable
- Put in place simple backup and recovery processes so you are not left starting from scratch.Plan and practice
NCSC advise that the businesses that recover best from disruption are those that have rehearsed their response. This doesn’t need to be complicated. It could mean, for instance:
- Making sure you know who to call – is it your IT support provider, your bank, or the police’s cyber-crime unit?
- Keeping offline copies of important contact details and documents
- Agreeing who in the business will speak to customers or suppliers if systems are down
- Running through “what if” scenarios with your team so everyone knows their role
Leadership matters
Cyber risk is often left to whoever looks after the IT. However, a cyber-attack poses a risk to the whole business. Just as you would take a threat to your cash flow or business operations seriously, cyber risk needs to be considered in the same way. This includes staying informed about and interested in the steps you’re taking as a business to minimise problems.
Next steps
If you want to build the resilience of your business, consider:
- Reviewing NCSC’s advice for sole traders and small organisations to respond to cyber attacks
- Working towards Cyber Essentials certification
- Making a simple recovery plan covering your critical systems and contacts.
No business can guarantee it won’t be targeted, but by preparing now, you can reduce the damage, recover faster, and keep your customers’ trust.
