PureCyber

View Original

How To Put Your Cyber Action Plan into Practice

As part of its ongoing cyber awareness campaign, The NCSC (National Cyber Security Centre) have launched a Cyber Action Plan self-assessment tool to help small organisations identify cyber security vulnerabilities, and practice effective governance.

As a trusted partner PureCyber are here to help businesses put their Action Plan recommendations and remediations into practice.

What is a Cyber Action Plan?

In the current risk environment, an effective Cyber Action Plan is essential to any small business, and critical in maintaining a strong cyber security posture. A strong Cyber Action Plan will consider such elements as passwords, firewalls, data back-up policies, multi factor authentication, secure configuration, user access controls (controls to restrict employees access to files, data and devices that are not relevant to their role), governance (technical controls or policies/procedures) and assets (both physical and informational assets.

Recommendations could also include undertaking accreditation schemes such as Cyber Essentials and Cyber Essentials Plus. Cyber Essentials is a government-backed scheme to help organisations in Wales, and across the UK, understand the basic controls that they should have in place to try to mitigate common cyber threats.

Why Do SME’s Need a Cyber Action Plan?

SMEs (small medium businesses) remain an attractive target for malicious actors and cyber criminals. The NCSC’s 2022 Cyber Breach Report revealed that over of a third (38%) of small businesses suffered a cyber incident during a 12-month period.

SMEs are often more vulnerable to phishing, ransomware, and other forms of malware due to fewer resources, smaller budgets, and a lack of security expertise.

Vodafone’s ‘SME’s Like Me’ report published in June 2022 also revealed that only 8% of SMEs named cyber security as a business priority.

Despite this, Martin McTague, The National Chair of the Federation of Small Businesses told the NSCS that;

“A fifth of small businesses see cybercrime as the most impactful crime in terms of both cost and disruption to their operations.”

The impact of a cyber breach for small businesses without effective cyber security or governance can be severe, both financially and reputationally. Putting an effective cyber action plan in place reassures existing and potential clients, partners, and customers that you take data security seriously, improves your overall security posture and helps to protect your reputation and day to day operations.

The average cost of a cyber breach today is £4,200, up from £3,230 on average per attack in 2022.

How Do I Implement My Cyber Action Plan?

Once you have completed the self-assessment questionnaire here, you will be given a list of recommendations. Finding a trusted partners to help with implement these is the first step.

Free Cyber Action Plan Consultation

PureCyber offer a free consultation service, providing you with personalised support to help introduce cyber security best practice across your business with the minimum disruption. Removing the worry and stress that often looms over business owners and managers who don’t have protection in place.

Book Your Free Consultation

Potential Remediations to Consider

PureCyber Foundations

PureCyber Foundations is our introductory level subscription package that provides businesses with the essential security solutions all businesses should have in place. Helping organisations to implement the fundamental information security best practice recommended in their NCSC Action Plan to strengthen their cyber posture.

The Foundations subscription includes:

  • Monitoring of your systems 24/7

  • Managing your vulnerabilities

  • Managing your patching

  • Providing the cyber policies you need

  • Training your workforce with access to our Training platform

  • Providing Incident response and support should the worse happen

Additional Governance

Gaining Cyber Essentials and Cyber Essentials Plus accreditation is a great starting point to implement basic cyber security controls and governance. As one of the longest standing accredited IASME certification bodies in Wales, PureCyber can support you through the process and question set and provide the guidance you need to remediate any issues to attain the accreditation.

Basics to consider: Passwords, MFA & Back-Ups

You may also need to strengthen your password policy, consider using multifactor authentication or review your back up policies. Read our guide on how to easily create a secure password and how to implement back up best practice.

Active Threat Detection

Our Active Threat Detection service provides global visibility to your network, designed to quickly identify threats no matter where they are in the world. With increased levels of staff working from home, the cyber security implications of hybrid working should be considered in any cyber action plan.

Penetration Testing

For a more extensive assessment of your organisation’s cyber security weaknesses our award-winning penetration testing team in Cardiff can provide you with a detailed step-by-step breakdown. This outlines how each vulnerability was identified and exploited, followed by remediation advice.

Don’t Delay – Take Steps to Start Your Cyber Action Plan Today

Get in touch with our friendly cyber experts to help implement your Cyber Action Plan today by clicking the contact button below or email us at info@purecyber.com.

Sources

www.ncsc.org

www.vodafone.co.uk