Jul 25th, 2022
7 mins

Given the current situation in Ukraine, the NCSC is once again reiterating that organisations of all sizes need to take steps to reduce the risk of falling victim to a cyber-attack.

While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber-attacks on Ukraine with international consequences.

To assist members, the BFFF would like to remind members of the NCSC resources available to them:

Heightened Threat Guidance –

Guidance on maintaining a sustainable strengthened cyber security posture –

Digital Loft recording on heightened threat –

Digital Loft recording on Exercise in a Box –

You can request a CiSP account here – CISP – Cyber Security Information Sharing Partnership – NCSC.GOV.UK.

Subscription Centre – news and advisories from the NCSC. Sign up here –

Reporting an Incident –

Organisations that suffer a cyber incident or are affected by fraud should report this to Action Fraud by calling 0300 123 2040 or go to

In Scotland, Police Scotland’s 101 call centre should be contacted. Cyber incidents can also be reported to the NCSC via their online form which is monitored 24/7

Early Warning

Helps organisations investigate cyber-attacks on their network by notifying them of malicious activity that has been detected in information feeds. NCSC are recommending organisations sign up at their earliest opportunity.

Exercise in a Box

Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber-attack. It is completely free, and you don’t have to be an expert to use it.

Board Toolkit –

Resources designed to encourage essential cyber security discussions between the Board and their technical experts.


10 Steps to Cyber Security –

Guidance on how organisations can protect themselves in cyberspace.

Supply Chain Security Guidance

A series of 12 principles designed to help you establish effective control and oversight of your supply chain

Cloud Security Guidance –

How to choose, deploy and use cloud services securely.

Industry 100 Industry 100 (i100) is the principal initiative from the NCSC to facilitate close collaboration with the best and most diverse minds in UK industry.

Phishing: Reporting scam emails, texts, websites and calls – Organisations who use O365 also now have the option for suspicious emails to be sent directly to our suspicious email reporting service (SERS). More information and guidance to set up available here: New Office 365 “report phishing” button – NCSC.GOV.UK

Staff Training

The online training gives users the chance to get confident with what cyber security means for them and learn some actionable steps that they can take to stay safe online. The training covers four key topics of cyber security – Defending yourself against phishing, creating strong passwords, securing devices and reporting incidents.

Business Comms – SMS and Telephone Best Practice –

Combatting telephone and SMS fraud requires a collective effort. This guide focuses on organisations and where they can help in the fight against fraud as part of their procurement processes and communications strategies.

Cyber Essentials –

A government backed certification scheme that helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security.

Cyber Essentials Readiness Tool

A free, online resource that guides organisations through a series of questions related to the Cyber Essentials criteria to help prepare them for certification.



Dec 9th, 2021
2 mins

Fareshare and Frozen

Nov 1st, 2021
3 mins

Lumina Intelligence give cautious optimism with menu counts increasing season-on-season in the latest BFFF industry webinar

Sep 22nd, 2021
1 min


Sep 16th, 2021
1 min


Aug 19th, 2021
1 min

The Future of Imports Recording

Jul 22nd, 2021
1 min

Integrating Social Value into your business recording

May 20th, 2021
1 min