The National Cyber Security Centre – a part of GCHQ – unveiled the services to coincide with the latest phase of its Cyber Aware campaign, which is aiming to raise awareness of cyber security among the country’s small businesses, micro businesses and organisations and sole traders.   

With official statistics showing more than a third of small businesses suffered a cyber attack last year, the NCSC urged them to make use of its Cyber Action Plan and Check Your Cyber Security tools.  

The Cyber Action Plan can be completed online in under 5 minutes and results in tailored advice for businesses on how they can improve their cyber security. 

Check your Cyber Security – which is accessible via the Action Plan – can be used by any small organisation including schools and charities and enables non-tech users to identify and fix cyber security issues within their businesses. 

Small businesses are a common target for cyber criminals, with the Government’s last Cyber Breaches Survey revealing that 38% of the UK’s small businesses suffered a cyber incident over a 12-month period.  

The range of attacks can vary widely, from business email compromise to denial of service and ransomware attacks.  

Lindy Cameron, NCSC CEO said: “Small businesses are the backbone of the UK, but we know that cyber criminals continue to view them as targets.   

“That’s why the NCSC has created the Cyber Action Plan and Check Your Cyber Security to help them boost their online defences in a matter of minutes.  

“I strongly encourage all small businesses to use these tools today to keep the cyber criminals out and their operations on track.”

Martin McTague, National Chair of the Federation of Small Businesses (FSB) said: “A fifth of small businesses see cybercrime as the most impactful crime in terms of both cost and disruption to their operations. We’re glad to see our recommendations to raise small firms’ awareness on cybersecurity has been taken forward in NCSC’s Cyber Aware campaign.

“Equipping small firms with the right tools and tailor-made guidance could enable them to be more cyber resilient and in turn reduce costs in real life.”

The Cyber Action Plan and Check Your Cyber Security are among the services within the NCSC’s Active Cyber Defence services, which help to protect the UK from millions of cyber attacks each year.  

The NCSC continues to offer a wide range of guidance, products and services to small organisations, including its Small Business Guide. 

Case study

“It’s something I see a lot of people in the business community talking about nowadays, and it’s something I really want people to consider.” Aiden Ryan of Loaf Manchester – who himself suffered a cyber attack – discusses the importance of raising cyber security awareness among the city’s small business community.  

With my cake and coffee brand, Loaf Mcr, I am an active a part of Manchester’s thriving small business community. The business grew during lockdown from making cakes to raise money for the NHS to supplying his bakes to Selfridges and 13 different cafes cross Manchester. 

Over the course of lockdown I began to notice that more fellow small business owners seemed to be falling victim to cyber attacks. Lots of businesses across Manchester were having their social media accounts hacked and I spotted that the small business community was rallying together to promote cyber security advice. 

In lockdown there seemed to be a heightened awareness of the importance of cyber security as a result of some prolific Manchester accounts in the food business sharing stories about being hacked. You'd often see Instagram Stories where you’d know the account had been compromised, or big social media accounts would share stories of businesses who’d been attacked, explaining they'd lost accounts and followers. That had a big impact. After that, I know that lots of businesses starting to use 2SV (2-Step Verification) and think about their cyber security. 

Before starting Loaf, my personal Twitter account was hacked and completely taken over, after a leak of log ins and email addresses was posted to a hacker sharing site. The hacker cleared all evidence of me off the account and changed my password and the account email address so I couldn’t get back in. 

Years later when I set up my business, I took this incident into account and prioritised my cyber security from the get-go. From the start I used 2-Step Verification on all my social media accounts and set up an entirely new email address.   

That was a lesson learned. When I set up the brand, I took cyber security steps immediately. It's one thing when it happens to your personal accounts where you speak to friends and family, and quite another when it’s a business account with following of 14,000 and two to three years of work behind it. 

Often, people have paid money to grow those followings; they’ve spent on social media marketing tools, and agency advice. So, when something happens they lose the money they've invested as well as the future business. 

It’s something I see a lot of people in the business community talking about nowadays, and it’s something I really wants people to consider. 

I think ever since I started using 2SV, I felt more confident. I don't feel scared it's going to happen to me but I do know that you can always do more. 

Loaf was built through community. It was an underdog story - people want to see good things happen. Which is why I feel so passionate about this too; I want to help others in the business community recognise that this matters. Businesses are built through community and they thrive through community.