National Cyber Security Centre publishes guidance for small businesses on preparing their response to and planning their recovery from a cyber incident

The Response and Recovery Small Business Guide sets out a five-point plan of practical advice from the point of preparing for an incident through to the stage of learning lessons from it.

It follows publication in 2017 of the NCSC Small Business Guide, which provided help for business to protect itself from cyber crime. Currently there is around a one in three chance that UK businesses will experience a cyber breach.

The latest guidance looks at continuity planning in the event that a business does fall victim to cyber crime, and follows feedback from businesses keen to ensure they are up and running as soon as possible after an attack.

The guidance maps out a response to an attack over the following five stages:

  1. preparation for incidents;
  2. identifying what’s happening;
  • resolving the incident;
  1. reporting the incident to wider stakeholders; and
  2. learning from the incident.

A range of practical advice is included under these headings, including: identifying critical systems and assets; making an incident plan; analysing antivirus/audit logs to help identify the cause of the incident; and reviewing incident plans to reflect lessons learned.

The guidance was produced in response to a range of questions from small businesses following publication of the Small Business Guide, such as how they should react to an incident and how they get back to business as usual.

It will form part of the Small Business Guide portfolio of products, alongside the original guide and the recently published actions list. The NCSC says that it aims to create a pathway of products and services to help small businesses build their cyber security resilience and develop their maturity. To read the NCSC’s press release in full and for access to the guidance, click here.