We have recently become aware of several businesses being victim to cyber-attacks.
We would therefore like to remind you of the resources available from the National Cyber Security Centre. (NCSC).
The NCSC has recently published guidance on Protecting Internet-facing Services. Although it is aimed at Critical National Infrastructure, the content is still relevant to you and will hopefully be of interest and use.
The NCSC’s Publications Subscription Centre has also been updated. You are now able to subscribe to receive a broad spectrum of NCSC publications in one place, including threat reports and advisories and the NCSC Small Organisations Newsletter.
Follow the Cyber Security Pathway
A route the NCSC would suggest an organisation or individual takes through their products/guidance is outlined below, starting at the most basic messaging.
- Cyber Aware – Cyber Aware is the government’s advice on how to stay secure online. It outlines six actions to take to improve your cyber security and offers a tailored plan for you or your business.
- NCSC Newsletter – sign up link and description as mentioned above.
- Small Business Guide – Explains how to improve your cyber security; affordable, actionable advice for organisations.
- Top Tips for Staff & Cyber Security for Small Organisations E-learning – Cyber Security for Small Organisations and Top Tips for Staff are both designed to be integrated into your organisation’s training platform.
- Exercise in a Box – A free online tool which helps organisations find out how resilient they are to cyber-attacks and practise their response in a safe environment. Exercises include from 15-minute micro exercises, 1-3 hour discussion based exercises and a 3-4 hour simulation exercise.
- Response & Recovery Guide -Guidance that helps organisations prepare their response to and plan their recovery from a cyber incident.
- Ten Steps to Cyber Security – Take things a little further: breaks down the task of defending networks into ten essential components. – 10 Steps to Cyber Security – NCSC.GOV.UK
- COVID -19 Guidance – This guidance includes home working, video conferencing and moving your organisation from physical to digital
- Early Warning – Is available to any UK organisation with a static IP address or domain name. Early Warning helps organisations investigate cyber-attacks on their network by notifying them of malicious activity that has been detected in information feeds.
- Logging Made Easy – Is available to any UK Organisation. LME helps organisations to install a basic logging capability on their IT estate enabling routine end-to-end monitoring of Windows systems.
- Supply Chain Security – The guidance will provide organisations with an improved awareness of supply chain security, as well as helping to raise the baseline level of competence in this regard, through the continued adoption of good practice.
- Cyber Essentials – Cyber Essentials government backed certification scheme helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security. As mentioned, a lot of government and some private contracts are now requesting Cyber Certification as part of their tender process. https://www.ncsc.gov.uk/cyberessentials/overview
NCSC have recently launched the Cyber Essentials Readiness Tool – The Cyber Essentials Readiness Tool is a free, online resource that guides organisations through a series of questions related to the Cyber Essentials criteria to help prepare them for certification.
The tool asks questions about an organisation’s use of hardware, software, and boundary devices such as firewalls, as well as use of passwords and protections against malware and provides clear, non-technical advice for the user. Upon completion of the tool the user receives a tailored action plan that outlines the steps they need to take to achieve Cyber Essentials certification. This tool, developed by IASME on behalf of the NCSC – a part of GCHQ – was launched at the NCSC’s flagship conference CYBERUK 2021.
NCSC have recently released a few Threat videos. They can be accessed via the links below:
- Ransomware: https://youtu.be/DWmMm5IhLDw
- Phishing: https://youtu.be/NhaPVefCjDo
- Security culture: https://youtu.be/Mz0VQx87xvc
Feel free to pass this information on within your business and wider networks.