NCSC Review 2024: Simple Cybersecurity Tips for SMEs
Following the speech made by Richard Horne of NCSC, for the launch of the 2024 annual review, I can imagine there are a number of different reactions amongst business owners and directors, one of which may be, “I’ve got enough to be dealing with at the moment, thank you very much”. Recent budget announcements, combined with all the usual pressures, may lead them to believe they have done enough, thinking “after all, why would we be a target?” This is something I have heard many times.
I sympathise with the pressure which businesses feel they are under at the moment, but there are a few simple things which, addressed now, will help prevent a compromise that could be far more destructive than initially anticipated. And, if you have assets and money, as all active businesses do, you are a target.
So please do listen to the advice that the NCSC is giving.
Here is a checklist of security measures that all SMEs can follow, even if you do not have the IT resources of large enterprises:
- Run the latest updates on your software and firewall, and make sure you have up-to-date antivirus on all your devices.
- Do not use the same password for accessing multiple platforms, do not share passwords, and make sure all passwords are strong.
- Take the option of using Multifactor Authentication wherever it is offered.
And this is the more complicated bit, but one which pays dividends despite largely costing only time:
- Train your staff to be suspicious of the unexpected.
- Encourage staff to verify unexpected communications by contacting senders through alternative means.
- If they get a phone call or LinkedIn message asking for information, no matter how minor, ensure they do not break the company rules, regardless of how charming or knowledgeable the contact sounds.
- If a situation regarding a business transaction or an online interaction feels off, they should get a second opinion before proceeding.
- If something does go wrong with their systems, they should immediately tell the people in the company or their IT team who can sort it.
We all have supply chains, and six degrees of separation works in business too. We need to take these warnings seriously for the sake of colleagues, companies, and wider society. Despite the availability of sophisticated tools and expensive kit to address these issues, ultimately, it comes down to people and their intentions.
Please put cybersecurity on your priority list.
Useful links:
Why do we need multi-factor authentication?