Skip to main content

Cyber security guides from NCSC (GCHQ)

Here are details of various tools that NCSC has made available online to help businesses; and see also attachments, which are not currently online. The NCSC was formed in 2016 "to make the UK the safest place to live and work online" and is part of GCHQ.

 

1. NCSC Small Organisation Newsletter. This monthly newsletter aims to break down cyber related issues into bitesize pieces which can be read in your coffee break: Sign up to receive a copy via this link - https://ncsc-production.microsoftcrmportals.com/SME_News/

 

2. Cyber Aware Campaign - basic messaging for public and business: http://cyberaware.gov.uk/ Within the Cyber Aware website there is an option to have a tailored action plan depending on how the individual responds to the questions asked.

 

3. Small Business Guide - Explains how to improve cyber security; affordable, actionable advice for organisations. https://www.ncsc.gov.uk/smallbusiness

 

4. The recently-launched Cyber Security for Small Organisations: https://www.ncsc.gov.uk/training/cyber-security-for-small-organisations-scorm-v2/scormcontent/index.html#/

 

5. Top Tips for Staff:

https://www.ncsc.gov.uk/training/top-tips-for-staff-scorm-v2/scormcontent/index.htmll#/

 

4. Training zip file:

https://www.ncsc.gov.uk/training/cyber-security-for-small-organisations-scorm-v2.zip This contains the package as a SCORM-compliant file. An API version is available as an alternative to help users who have been unable to use SCORM.

 

5. Exercise in a Box: https://exerciseinabox.service.ncsc.gov.uk This free online tool helps organisations to find out how resilient they are to cyber-attacks and "to practice their response in a safe environment". Exercises include from 15-minute micro exercises to a 1-to-3-hour discussion-based exercises and a 3-to-4-hour simulation exercise.

 

6. Cyber Essentials. As we have previously discussed, Cyber Essentials is a government backed certification scheme that helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security. An increasing number of tenders are now specifying Cyber Certification as part of their tender process: https://www.ncsc.gov.uk/cyberessentials/overview [I suggested to BEIS that they could do more to promote Cyber Essentials and Cyber Essentials Plus. In April, Siemens thought its accreditation to CE+ sufficiently important to issue a press release. Newly-launched is the Cyber Essentials Readiness Toolkit, a free, online resource that guides organisations through a series of questions to help prepare them for certification: https://getreadyforcyberessentials.iasme.co.uk/ The tool asks questions about an organisation's use of hardware, software, and boundary devices such as firewalls, as well as use of passwords and protections against malware and provides clear, non-technical advice for the user. It provides a tailored action plan that outlines the steps they need to take to achieve Cyber Essentials certification. IT consultancies also offer support.

Finally, BEIS and NCSC have asked to let them know of any firms who have suffered a ransomware attack and would be prepared to give details. The information would be used in strict confidence to build up intelligence to help combat this crime, and perhaps also used as examples to warn others, with all details that might identify the target firms removed.