Jul 25th, 2022
7 mins
Given the current situation in Ukraine, the NCSC is once again reiterating that organisations of all sizes need to take steps to reduce the risk of falling victim to a cyber-attack.
While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber-attacks on Ukraine with international consequences.
To assist members, the BFFF would like to remind members of the NCSC resources available to them:
Heightened Threat Guidance – https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened.
Guidance on maintaining a sustainable strengthened cyber security posture – https://www.ncsc.gov.uk/guidance/maintaining-a-sustainable-strengthened-cyber-security-posture.
Digital Loft recording on heightened threat – https://share.cisp.org.uk/thread/14857
Digital Loft recording on Exercise in a Box – https://share.cisp.org.uk/thread/15074
You can request a CiSP account here – CISP – Cyber Security Information Sharing Partnership – NCSC.GOV.UK.
Subscription Centre – news and advisories from the NCSC. Sign up here – https://ncsc-production.microsoftcrmportals.com/subscribe/
Reporting an Incident –
Organisations that suffer a cyber incident or are affected by fraud should report this to Action Fraud by calling 0300 123 2040 or go to www.actionfraud.police.uk.
In Scotland, Police Scotland’s 101 call centre should be contacted. Cyber incidents can also be reported to the NCSC via their online form which is monitored 24/7 – https://report.ncsc.gov.uk/
Early Warning – https://www.ncsc.gov.uk/information/early-warning-service
Helps organisations investigate cyber-attacks on their network by notifying them of malicious activity that has been detected in information feeds. NCSC are recommending organisations sign up at their earliest opportunity.
Exercise in a Box – https://www.ncsc.gov.uk/information/exercise-in-a-box
Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber-attack. It is completely free, and you don’t have to be an expert to use it.
Board Toolkit – https://www.ncsc.gov.uk/collection/board-toolkit
Resources designed to encourage essential cyber security discussions between the Board and their technical experts.
10 Steps to Cyber Security – https://www.ncsc.gov.uk/collection/10-steps
Guidance on how organisations can protect themselves in cyberspace.
Supply Chain Security Guidance – https://www.ncsc.gov.uk/collection/supply-chain-security
A series of 12 principles designed to help you establish effective control and oversight of your supply chain
Cloud Security Guidance – https://www.ncsc.gov.uk/blog-post/relaunching-the-ncscs-cloud-security-guidance-collection
How to choose, deploy and use cloud services securely.
Industry 100 – https://www.ncsc.gov.uk/section/industry-100/about. Industry 100 (i100) is the principal initiative from the NCSC to facilitate close collaboration with the best and most diverse minds in UK industry.
Phishing: Reporting scam emails, texts, websites and calls – https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-text-message. Organisations who use O365 also now have the option for suspicious emails to be sent directly to our suspicious email reporting service (SERS). More information and guidance to set up available here: New Office 365 “report phishing” button – NCSC.GOV.UK
Staff Training – https://www.ncsc.gov.uk/training/top-tips-for-staff-scorm-v2/scormcontent/index.html#/
The online training gives users the chance to get confident with what cyber security means for them and learn some actionable steps that they can take to stay safe online. The training covers four key topics of cyber security – Defending yourself against phishing, creating strong passwords, securing devices and reporting incidents.
Business Comms – SMS and Telephone Best Practice – https://www.ncsc.gov.uk/guidance/business-communications-sms-and-telephone-best-practice
Combatting telephone and SMS fraud requires a collective effort. This guide focuses on organisations and where they can help in the fight against fraud as part of their procurement processes and communications strategies.
Cyber Essentials – https://www.ncsc.gov.uk/cyberessentials/overview
A government backed certification scheme that helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security.
Cyber Essentials Readiness Tool https://getreadyforcyberessentials.iasme.co.uk/
A free, online resource that guides organisations through a series of questions related to the Cyber Essentials criteria to help prepare them for certification.
