Cyber incidents continue to feature in the news headlines, with the government stepping in to support Jaguar Landrover through their recent serious disruption to supply chains and manufacturing.

While small businesses are unlikely to grab the same headlines, the risks are just as real. For many, a serious cyber-attack could stop their business from trading altogether. That’s why it’s vital not only to think about preventing attacks, but also to consider how your business would recover if the worst happened.

Start with the basics

The National Cyber Security Centre (NCSC) encourages all businesses to adopt the Cyber Essentials programme. This focuses on five straightforward measures that block the majority of common attacks. They cover areas such as keeping software up to date, controlling access to your systems, and protecting your internet connection with firewalls.

These are practical steps that any small business can put in place without needing a large IT team. Some insurers and customers also now look out for Cyber Essentials certification as a reassurance that you take cyber security seriously.

Know what matters most to you

If your business were hit by an attack, what would you need to keep running at all costs? For some, it might be your customer database. For others, it could be your booking system, your payment processing, or even email.

By thinking this through in advance, you can:

• Identify your most important systems and data
• Decide how you would keep the business going if they were unavailable
• Put in place simple backup and recovery processes so you are not left starting from scratch.

Plan and practice

NCSC advise that the businesses that recover best from disruption are those that have rehearsed their response. This doesn’t need to be complicated, but could mean, for instance:

• Making sure you know who to call. For many this will be your IT support provider, your bank, or possible the police’s cyber-crime unit.
• Keeping offline copies of important contact details and documents.
• Agreeing who in the business will speak to customers or suppliers if systems are down.
• Running through ‘what if’ scenarios with your team so everyone knows their role and responsibilities.

Leadership matters

Cyber risk is often left to whoever looks after the IT. However, a cyber-attack poses a risk to the whole business. Just as you would take a threat to your cash flow or business operations seriously, cyber risk needs to be considered in the same way. This includes staying informed and interested in the steps you’re taking as a business to minimise problems.

Marks and Spencer’s recent experience, which forced them to suspend online sales, the movement of products through their entire estate and rendered their staff unable to see their shifts for the following week or book leave, should serve as a stark reminder for any business. 

Next steps…

If you want to build the resilience of your business, consider:

• Reviewing NCSC’s advice for sole traders and small organisations to respond to cyber attacks
• Working towards Cyber Essentials certification
• Making a simple recovery plan covering your critical systems and contacts.

No business can guarantee it won’t be targeted, but by preparing now, you can reduce the damage, recover faster, and keep your customers’ trust.