Risk Warning Regarding Phishing Attempts

Firms must comply with the Cyber Rules and Guidance 2021 by August 9, 2021, focusing on principles like identifying, protecting, detecting, responding, and recovering from cyber threats, particularly phishing, by implementing technical defenses, training employees, and having a tested incident response plan.

Firms have to be compliant with Cyber Rules and Guidance 2021 by 9th August 2021. The Cyber Rules and Guidance 2021 focus on five core principles:

Identify, Protect, Detect, Respond and Recover

A copy of the Cyber Rules and Guidance 2021 can be found here.

Phishing can take place via email, telephone, social media, or text messaging, with the majority of attempts via email.

Businesses should ensure that they have appropriate measures in place to identify, protect against, and detect attempted phishing emails.

The National Cyber Security Centre advises that all businesses adopt a multi-layered approach which will significantly improve resilience against phishing attempts. As well as the more technical layers of defense, such as implementing anti-spoofing controls, setting up 2-Factor Authentication (2FA), using a proxy server, and ensuring browsers are up to date, other measures include:

Filtering or blocking incoming phishing emails;

Providing ongoing, effective training helping employees to spot phishing emails; and

Creating an environment where employees can seek help through clear reporting, feedback, and a no-blame culture.

Businesses should also ensure that they have a fully tested Cyber incident response plan (the "Plan"). The Plan should clearly set out how the business detects, investigates, remediates, recovers, and learns from a phishing attempt/attack. The Plan should include the key stakeholders that are required to undertake specific activities, including any required external notification/reporting.

Should you require assistance with your Plan or assistance in general complying with the Cyber Rules and Guidance 2021, please contact our Head of Operations and Cyber Security, Sarah Sarre.

To learn more and talk with one of our senior team, please email enquiries@aspidagroup.com or call 01481 741900.