The following guidance is provided for the benefit of small business users of CHAPS.

Facts about Cyber Crime

The Federation of Small Business (FSB) reported in 2016:

  • 66% of small businesses have been a victim of cyber-crime.
  • Cyber-crime costs each small business victim nearly £3000
  • On average a small business is a victim of four cyber-crimes every two years.


Guidance about Cyber Security

Cyber-crime continues to be a growing threat. The frequency of attacks and breaches is increasing, the complexity of attacks is growing and the financial impact of them is rising. However, it has been shown that by simply implementing some standard security policies, risk can be reduced by up to 85%.

The UK government has for several years provided guidance on critical security controls . As well as adopting the controls itself, the government promotes their use by critical national infrastructure organisations such as CHAPS Co. 

In addition to protecting your organisation, you should prepare for the worst. Make sure that you take regular backups of your critical data and store it off-site. Produce a business continuity plan and test it regularly. Discuss what your communications response would be to an attack or breach with senior management. And keep your staff aware of the risk.

The following simple steps can also help to protect your business:

  1. Ensure that your CEO, Managing Director, Board etc. are aware of the risk and impacts of cyber-crime and that they buy-in to the necessary remediation/mitigation measures.
  2. Implement the government recommended critical security controls.
  3. Join forums of similar sized/type organisations to share information and ideas.
  4. If you are unfortunate enough to become a victim of cyber-crime, it is important to contact the Police as quickly as possible. This will not only help to minimise damage and financial impact, it could make the difference between staying in business or not. At the very least you should have a plan in place that you can deploy in the event of an incident and that plan should be tested regularly.