The National Cyber Security Centre (NCSC) has published guidance to help small to medium-sized organisations prepare their response to, and plan their recovery from, a cyber incident.
The “Small Business Guide: Response & Recovery” has been produced by the NCSC in response to questions raised by SMEs following the earlier publication of its “Cyber Security: Small Business Guide” in 2017, and is intended to be a companion to that guide. The NCSC estimates that there is a one in two chance that UK businesses will experience a cyber security breach.
The NCSC defines a cyber incident as unauthorised access, or attempted access, to an organisation's IT systems. These may be malicious attacks (such as denial of service attacks, malware infection, ransomware or phishing attacks) or could be accidental incidents (such as damage from fire, flood or theft). The new guidance maps out a response to an incident over the following five stages:
- Preparation for incidents.
- Identifying what’s happening.
- Resolving the incident.
- Reporting the incident to wider stakeholders.
- Learning from the incident.
The guidance includes practical advice on what to do at each stage, including action points. It also advises that SMEs who are experiencing a live cyber incident should call Action Fraud immediately on 0300 123 2040 and then press 9 on their keypad. This will allow the call to be dealt with as a priority and the live incident will be triaged over the phone. The incident will then be passed to the National Fraud Intelligence Bureau (NFIB), which will review the report and conduct a range of enquiries; it may then be passed to the relevant police agency.