Government updates SME cyber security advice

Cyber security is a significant challenge for SMEs who lack experienced security staff and often cannot afford many of the tools used by larger companies.

The UK Government has updated its advice for SMEs with its Small Business Cyber Security Guide issued yesterday. According to the document, 60 per cent of SMEs suffered a breach last year at a cost of between £65,000 - £115,000.

Refreshingly, the advice accepts that you can never be completely secure and points out that "good cyber security can enhance the reputation of your business and open up new commercial activities." Larger enterprises are begisnning to pay more attention to their supply chain which should open up new opportunities for SMEs with a good cyber security record.

The document starts by focusing on the basics of cyber security and points the reader to www.cyberstreetwise.com where there is advice on multiple subjects, including passwords, software and spotting suspicious emails.

Some of the advice is interesting. For example, the strong password advice suggests using three random words with upper/lower case along with numbers and symbols. Given how any people continue to use simplistic passwords to ensure they can remember them, this is likely to cause a lot of problems for SME's. Luckily the website offers up multiple ways of creating and remember passwords including password passport programmes.

The document also deals with the need to understand risk management and gives guidance on how to apply risk management to a business. This is not just about SMEs. This applies equally to individuals, SMEs and large enterprises. This leads to a section on how to manage risk using three different stages: Planning, implementing and reviewing.

For each stage, there is also a set of steps that can be used to improve the cyber awareness of the business. These are well laid out and relatively simple to implement for any business.

A nice touch is a scenario that deals with a cyber attack on a business including the impact and what steps could have prevented it. Unsurprisingly there is a pointer to the Cyber Essentials scheme and a reminder that companies can get themselves certified.

At the end of the document there are a range of places where businesses can go to get more help. One of these is a pointer to the £5,000 Innovation Vouchers that are available for businesses to spend on advice to help protect and grow their business by having good cyber security.

This is a really useful document for SMEs and one that is worth downloading and reading.