COVID-19 has seen many businesses alter their ways of working. They have reacted quickly to imposed constraints by increasing reliance on IT and digital technology to keep the business active.
For the SME community, NCSC has created the COVID-19 SME support package to specifically support businesses who have had to increase their cyber security. The support package consists of the following guidance documents:
By working through the guidance, businesses will be able to gain a clearer picture of their current cyber security arrangement and implement security controls where required. This should then give businesses the confidence that their activity and business is secure online.
For SMEs who have moved their delivery of the business online due to the closure of physical premises, answering the below questions should help businesses establish a baseline of their security status to identify areas that may need attention:
1) What technology do you already use?
What IT assets do you own, operate, and manage yourself? It is difficult to secure technology if you can’t identify who’s responsible. Is it your job exclusively? Your service provider's? Or a joint effort? Clarity is the important thing here.
2) Are you using cloud services?
The NCSC guidance provides you with a relatively lightweight process for assessing the security of cloud-hosted software products.
3) Do you have access to IT support?
As you become more reliant on digital services to do business, you should think about how you would cope if these services became unavailable.
4) What cyber security measures do you have in place?
The NCSC's Small Business Guide can help you to establish a baseline set of security policies for your IT. Cyber Essentials provides a way to demonstrate to others that you have good security in place.
5) Are there any regulations you need to follow?
If your business is now processing Personally Identifiable Information (PII) online, you will need to read up on GDPR. If you are processing card payment information, the Payment Card Industry Data Security Standard will apply.
6) Do you need to review your insurance policies?
Are any elements of your insurance policies affected by your change in circumstances, such as working from home, running a predominately 'online' business, or by outsourcing key business functionality?
Moving your business from the physical to the digital securely will not only help SMEs grow their businesses confidently and sustainably, but it will also help to uphold their reputation with customers.
To help stay on top of cyber security, the NCSC's small business and sole trader pages are regularly updated with blog posts that frequently point to new and useful advice.