Ever wondered how you can protect your business from cyber-attacks? In the digital world we live in, organisations face growing threats from a range of cyber criminals. And these threats are only set to get worse as more organisations adopt cloud services to store confidential data.

According to the National Cyber Security Centre (NCSC), criminal cyber-attacks on UK businesses increased last year, and businesses of all sizes need to take measures to protect themselves in cyberspace.

Fortunately, there are effective ways to reduce the risks by establishing some basic defences. The NCSC has set out 10 steps to securing your business against the majority of cyber-attacks:

1) Set up your Risk Management Regime

Assess the risks to your organisation’s information and systems with the same vigour you would for legal, regulatory, financial or operational risks. To achieve this, embed a Risk Management Regime across your organisation, supported by the Board and senior managers.

2) Network Security

Protect your networks from attack. Defend the network perimeter, and filter out unauthorised access and malicious content. Monitor and test your security controls.

3) User education and awareness

Produce user security policies covering acceptable and secure use of your systems, and include them in staff training.

4) Malware prevention

Produce relevant policies and establish anti-malware defences across your organisation.

5) Removable media controls

Produce a policy to control all access to removable media. Limit the media types permitted and how they are used. Scan all media for malware before importing anything onto the corporate system.

6) Secure configuration

Apply security patches and ensure that the secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.

7) Managing user privileges

Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity.

8) Incident management

Establish an incident response and disaster recovery capability. Test your incident management plans. Provide specialist training. Report criminal incidents to law enforcement.

9) Monitoring

Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyse logs for unusual activity that could indicate an attack.

10) Home and mobile working

Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit and at rest.

The 10 Steps guidance is complemented by the NCSC paper Common Cyber Attacks: Reducing The Impact, which sets out what a common cyber-attack looks like and how attackers typically carry one out.