# Cybersecurity Advice for Small Businesses from the NCSC The latest cybersecurity advice from NCSC (the UK's National Cyber Security Centre) for businesses. *By Bitwarden* *Published: June 23, 2022* --- The National Cyber Security Centre [(NCSC)](https://www.ncsc.gov.uk/) is currently highlighting cybersecurity advice for small and medium-sized businesses. Recognizing that many SMBs do not have a budget for a dedicated IT security team, the [campaign](https://www.ncsc.gov.uk/section/information-for/small-medium-sized-organisations) shares practical recommendations for keeping data secure and preventing unauthorized access. On its SMB security web page, the NCSC notes: “there are some simple steps you can take to ensure you have the basics in place.” Indeed! In fact, the first two recommended actions listed for SMBs are appropriately password-centric: > **Action 1**: Use a strong and different password for your email using 3 random words > **Action 2**: Turn on 2-Step Verification (2SV) for your email The web page goes on to offer a number of resources for SMBs to stay ‘cyber aware’. One of them is a PDF, [practical tips for protecting your organization online](https://www.ncsc.gov.uk/files/NCSC_SME%20Cards.pdf). Overall, the PDF is very good: - Emphasizes the importance of creating different passwords for each account - Encourages the use of strong passwords - Recommends utilizing two-step verification - Recommends keeping all devices up-to-date - Encourages the backing up of data and key contacts But, there’s one recommendation worth pausing over: that users should save passwords in their browser. Bitwarden advises individuals and organizations to [look beyond their browser](https://bitwarden.com/it-it/blog/beyond-your-browser/) and instead prioritize stand-alone password managers. While any password manager is better than no password manager, the security built into third-party password managers is unparalleled. In some cases, [browser-based password managers](https://bitwarden.com/it-it/blog/why-companies-are-looking-beyond-browser-based-password-managers/) don’t use master passwords to encrypt all logins. Further, the NCSC should consider recommending password managers directly on its web pages - versus requiring readers to download documents and comb through them. Password managers are a security gamechanger. ## National Cyber Security Centre (UK) ![National Cyber Security Centre](https://bitwarden.com/assets/6ipsv7s2tT08MPibUo3B5t/c6e3455bc1cd353e81bf94b02a5bbd25/The_State_of_Password_Security_Federal_Government_Edition__4_.png) **Overall Bitwarden Assessment: Good** - Calls out importance of strong passwords - Cites need for 2FA/MFA to further support password security - Overall security advice is up-to-date - Could improve overall layout so password security advice is clear, digestible, and easy-to-find Learn what advice other leading cybersecurity agencies offer, and how they compare, in [The State of Password Security Report](https://bitwarden.com/it-it/blog/the-state-of-password-security/), released earlier this year. Ready to try Bitwarden? Start a [free business trial](https://bitwarden.com/it-it/pricing/business/) to help your team stay safe online or sign up for a [free individual account](https://bitwarden.com/it-it/pricing/).