Comment - National Cyber Security Centre announce Cyber Action Plan
February 2021 by Richard Hughes, Head of Technical Cyber Security at A
This morning National Cyber Security Centre have announced that they have created a ’Cyber Action Plan’ to help increasingly digital SME’s to stay secure from rising threats. As part of the cross-government Cyber Aware campaign, GCHQ’s National Cyber Security Centre (NCSC) has created the Cyber Action Plan to help micro businesses and sole traders securely navigate the increasingly digital landscape they operate in.
Here is the full story: https://www.ncsc.gov.uk/news/cyber-...
The comment from Richard Hughes, Head of Technical Cyber Security at A&O IT Group:
“The "Cyber Action Plan" from NCSC is a great first step to get sole traders and SMEs thinking and hopefully acting to ensure they are meeting the most basic requirements to reduce the risk of them from becoming the low hanging fruit for cybercriminals. The creation of a tailored action plan involves a short questionnaire that takes around 5 minutes and I would certainly recommend anybody running a small business to take a moment to complete this. There is no need to register or provide any personal details and the questions are straight forward covering areas such as password strength, backups and software updates. The action plan then provides sensible advice and in some cases step by step instructions to remediate perceived issues. The plan only covers the very basics cybersecurity requirements that security consultants have been preaching for years but hopefully with the planned advertising the message will reach the widest possible audience. Although the action plan is aimed at businesses with fewer than 10 employees, some of these will certainly need to consider a far more in-depth security review than can be provided in 5 minutes as cyber risk is not measured solely by the number of employees in a business. Without complicating what is supposed to be a simple questionnaire I believe there are additional questions that should be included that would indicate that a more detailed assessment may be required one of which could be "Do you have a website?". Advice should also be provided to prevent a false sense of security following the implementation of the provided action plan as despite the fantastic advice which will no doubt improve security the steps will certainly not guarantee a business is secure.”