Recent times have seen a huge increase in online cyber threats to Small Business Cyber Security; such as computer viruses, malware attacks, phishing emails and more. It is particularly saddening to see the increase in scams and threats capitalising on the coronavirus situation and targeting vulnerable people.
We at White Rabbit are doing as much as we can to help small business owners in protecting themselves against this activity and increase their cyber security. Read on to find out what you can do to strengthen security and test your cyber security plan.
Small Business Cyber Security
We’re seeing an increased number of requests and enquiries around website and cyber security. It is always a good time for small businesses to review and update cyber security and protection against cyber attacks, digital threats and cyber security risks for business.
See below some things we’ve been doing to protect ourselves and our clients. You will also find out what you can do and steps you can take to increase the resilience of your business and protect yourself against security breaches.
Joining CiSP: Approved Member
White Rabbit is now a part of the CiSP network; as an Approved Member we can access all of the great benefits this includes. Helping us to increase our own cyber security, provide safer services to our clients and help them to protect their business further.
To join CiSP you have to meet certain criteria and must be sponsored by either a government department, existing CiSP member or a regional Cyber PROTECT police officer or industry champion. Once an organisation membership is approved, staff can get individual access to the CiSP network of cyber security professionals and exclusive resources.
Cyber Security: What is CiSP?
The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative. Set up by the National Cyber Security Centre (NCSC) and the Government Communications Headquarters (GCHQ), to exchange cyber threat information in real-time; in a secure, confidential and dynamic environment. Increasing situational awareness and reducing the impact on UK business.
Benefits of CiSP Membership
- Engagement with industry and government counterparts in a dedicated and secure environment
- Early warning of cyber threats, NCSC documentation and other GCHQ resources
- National Cyber Security Centre network abuse management reporting
- An improved ability to protect company and client networks
Cybersecurity Tools For Small Businesses
Here are some free resources and actionable steps; that you can take to increase your Business Cyber Security and address challenges in cyber security plans for business.
Cyber Security What Small Businesses Need To Know
A great starting place (in fact a top priority) is the Cyber Essentials Five Technical Controls that you can put in place today. Cyber Essentials helps you to guard your small business against cyber attack, here it has been explained without jargon.
Cyber Exercising can help you understand your organisation’s preparedness and resilience to cyber attacks.
Cyber Essentials: Five Technical Controls
Here is an overview of the five technical controls that you can put in place today; that will increase your company’s cyber security and protect your business from cyber threats and attacks:
1. Use firewall to secure your internet connection
Configure and use a firewall to protect all your devices, particularly those that connect to public or other untrusted Wi-Fi networks.
2. Choose most secure settings for devices and software
Only use necessary software, accounts and apps on your company networks. If you would like more information on choosing passwords, choose the “Passwords” topic on the NCSC website.
3. Control who has access to data and services
Control access to your data through user accounts and permissions. Ensure that administration privileges are only given to those that need them and that what an administrator can do with those accounts is controlled.
4. Protect yourself from viruses and other malware
Implement at least one of the approaches listed below to defend against malware. For more detail on these virus and malware protection approaches read this.
5. Keep your devices and software up to date
Manufacturers and developers release regular updates to their software, not only adding new features, but also fixing any security vulnerabilities that have been discovered.
Cyber Exercising: Exercise in a Box
Exercise in a Box is a unique online cyber security exercising tool, developed by the NCSC; enabling large and small businesses to understand their preparedness in managing and responding to cyber attacks. The tool provides exercises based on common cyber threats that you may fall victim to, which your organisation can practise as many times as you want. It brings together everything you need for the set up, planning, delivery and post-exercise activity, all in one place; you can test your business cyber security plan for free.
This service covers the fundamentals of cyber exercising which helps you to find out how resilient your small business is to a cyber attack, and to practise your response to critical cyber incidents in a safe environment.
You will be able to create summary reports for your Cyber Security Plan from the exercises; which may help you identify and improve ways of managing cyber security threats.
You sign on, set your profile, pick your exercise, download the materials and then do it when you’re ready. There is a help facility should you need it, but the tool is designed to be a self-service product and you don’t need to be an expert to use it.
Best of all, it’s FREE!
Specifically designed to test and evaluate Cyber Security for business of all sizes, including Small Businesses; go ahead and take your very own Exercise in a Box.
Protect Websites With Network Reports
All of our client’s websites will be added to the CERT-UK Network Reporting (CNR) tools provided with our CiSP membership. Unlike their Active Cyber Defence tools (which are only available for public sector web services), the CNR service is for public & private sector bodies.
CNR processes actionable threat information to establish indicators of malicious activity and compromise as well as identify known vulnerable network services. This threat information is gathered from a range of information security forums and initiatives who collect data passing across the public Internet.
This abuse management system ingests data feeds from public, commercial and trusted sources (including a number of privileged feeds not available elsewhere) and uses this to notify us of threats found.
The CNR service scans for network abuse events on our organisation’s network, as well as vulnerable network services on internet-facing resources such as websites. The NCSC will send reports, if they see any network abuse events or vulnerable network services on the given resources.
Your Business Cyber Security Plan
Let us know in the comments below about any steps you have taken to increase your Small Business Cyber Security; useful tools that you use or any other cyber security tips and advice that you’d like to share.
Take a look at our other blog posts about website security and protecting your business. You can always get in touch to find out more about what we can do for you.
Founder and strategic mind behind White Rabbit. Focused on clients with a creative and ethical business model. Digital philanthropist giving time to support community groups, projects and organisations; that revolve around the arts, wildlife conservation and heritage crafts.