For small businesses in the health and social care sector, the National Cyber Security Centre probably isn’t saved to your internet ‘favourites’ list. You’re not alone: according to the government’s own figures, only 1% of businesses name them as the go-to source for guidance. But the NCSC is the little-known government agency tasked with keeping us all safe from cyber attack, and a key part of their role is making easy and practical guides available to support small businesses.
Small businesses often don’t have a great deal of time to dedicate to becoming cyber safe, and for those in healthcare, cyber has to compete for attention with things like ‘patient safety’. That’s exactly why it’s important for such businesses to have simple, clear and practical guidance, and the NCSC has a number of offerings that fit the bill. We circulate them to our clients, and we’re here to offer help in using them.
At the very simplest level, the NCSC’s cyber aware campaign sets out a few quick and easy things that you can do to increase your security. If, for example, you don’t know what two factor authentication is, you’re testing your luck and could get a lot safer in about five minutes. And if you want to go a step further with your cyber resilience, the small business guide walks you gently through how to avoid phishing attacks, how to keep your smartphones safe, and what good passwords look like. We also regularly point our clients towards the NCSC’s most recent e-learning for staff, because we know that most breaches occur because people do the wrong things. It feels like half an hour well spent, and all of our team have been through it.
The next offer we recommend is the snappily-named “exercise in a box”, which guides your discussion about how prepared you are for common cyber risks. How do you manage home working security, or people working from their own devices? What happens if a mobile phoned is stolen? And what if a member of staff goes rogue? There’s everything from simulation exercises which link directly to your systems, to short discussion pieces you can run with your team in a 15 minute session.
There are a number of other really helpful pieces available too… we’re fans of the board toolkit which helps you ask the right questions of your IT team, if you have one, and the response and recovery guide is a great way to ensure that you can navigate out of a crisis if the worst does occur.
All of this stuff is free, and although it needs a bit of time from you, our experience is that starting with the simpler things can reap immediate benefit in terms of your safety. Just half an hour can be time well spent. We’ll happily talk you through anything that you’re struggling with, and if you need more technical advice, we can also introduce you to local companies who understand basic cyber security and who work with businesses like yours. We know that cyber doesn’t have to be complicated, difficult, or expensive. Now all we need to do is convince the rest of the world… and caring for the carers felt like a good place to start.