Cyber Security: Small Business Guide (PDF Version)

A summary of low cost, simple techniques that can improve cyber security within your organisation. This advice has been produced to help small businesses protect themselves from the most common cyber attacks. The 5 topics covered are easy to understand and cost little to implement. You’re free to print, share, and re-use this document, freely …

Using passwords to protect your data

Your laptops, computers, tablets and smartphones will contain a lot of your own business-critical data, the personal information of your customers, and also details of the online accounts that you access. It is essential that this data is available to you, but not available to unauthorised users. Passwords – when implemented correctly – are a …

Protecting your organisation from malware

Malicious software (also known as ‘malware’) is software or web content that can harm your organisation, such as the recent WannaCry outbreak. The most well-known form of malware is viruses, which are self-copying programs that infect legitimate software. This section contains 5 free and easy-to-implement tips that can help prevent malware damaging your organisation. Tip …

Cyber Security: Small Business Guide (Infographic)

There are lots of low-cost, simple techniques that can improve cyber security within your organisation. You don’t need a huge IT spend – or specialist staff – to protect your PCs, smartphones, tablets and business data. Download the PDF. Read more here: NCSC Guidance

Backing up your data

Think about how much you rely on your business-critical data, such as customer details, quotes, orders, and payment details. Now imagine how long you would be able to operate without them. All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups are recent and can be …

Avoiding phishing attacks

In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information (such as bank details), or containing links to bad websites. They might try to trick you into sending money, steal your details to sell on, or they may have political or ideological motives for accessing your organisation’s information. …

Ransomware: 'WannaCry' guidance for home users and small businesses

The NCSC is currently working with organisations and partners in the UK affected by the ransomware ‘WannaCry’. This page contains guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware). This guidance will be updated as more information becomes available. …

Ransomware: 'WannaCry' guidance for enterprise administrators

The NCSC are aware of a ransomware campaign relating to version 2 of the “WannaCry” malware affecting a wide range of organisations globally. NCSC are working with affected organisations and partners to investigate and coordinate the response in the UK. This guidance will be updated as new information becomes available. From investigations and analysis performed …

Guidance to local authorities for elections

The risks to local authorities involved in the general election

Over recent years, there have been reports of cyber attacks, using a variety of techniques, timed to coincide with elections around the world. Most of these attacks were distributed denial of service (DDoS) attacks against government and media websites, which overwhelmed the websites with traffic. …

EUD Security Guidance: Windows 10

About this guidance

This guidance has been updated for the 1607 “Anniversary Edition” of Windows 10 Enterprise, building on the previous ALPHA guidance. It has also been tested on the latest Windows Insider Preview Build (Creators Update). Testing was performed on a Windows Hardware Certified device, running Windows 10 Enterprise, Current Branch. The hardware was …

Operational technologies

What would life be like without traffic lights, mass-produced food, energy at the touch of a button, or easily available motor fuel? Operational Technology (OT) makes all these things happen and pervades our lives in both obvious and hidden ways, automatically monitoring and controlling processes and equipment that are too dangerous, too demanding or too …

macOS 10.12 Provisioning Script

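#!/bin/bash
# Prompt twice for the user password and loop until both entries match.
function get_user_pass {
    local MATCH=false
    while [ $MATCH == false ] ; do
        # -r keeps backslashes in the password literal; -s hides the input
        read -r -s -p "Password: " PASS_1
        echo ""
        read -r -s -p "Repeat Password: " PASS_2
        echo ""
        # Quoted so that empty passwords or passwords with spaces compare correctly
        if [ "$PASS_1" == "$PASS_2" ] ; then
            PASS="$PASS_1"
            MATCH=true
        fi
    done
    return
}
function get_encryption_pass {
    local MATCH=false
    while [ $MATCH == false …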

Whaling: how it works, and what your organisation can do about it

Whaling is a highly targeted phishing attack – aimed at senior executives – masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds. Whaling does not require extensive technical knowledge yet can deliver huge returns. …

Vulnerability management

All modern software contains vulnerabilities; either software defects that require patches to remedy, or configuration issues that require administrative activity to resolve. For this reason, organisations should have a vulnerability management process which enables them to know what vulnerabilities are present within their IT estate on a regular basis. Executive staff should ideally be as …

Using TLS to protect data

This guidance outlines how to configure the services that must be able to receive incoming connections from unknown clients or services. Specifically it covers the scenarios of operating a public website and supporting email transfer using Simple Mail Transfer Protocol (SMTP). This guidance does not address use of TLS for Virtual Private Networks (VPNs). About …

Using IPsec to protect data

This guide will help you deploy or buy network encryption, using IPsec. It provides recommendations for the selection and configuration of relevant equipment. It also describes how a network encryption service needs to operate to provide an understood level of security. The recommendations in this guidance balance security and usability.

About this guidance

This guide …

Transaction Monitoring for HMG Online Service Providers (GPG 53)

This guidance provides an overview of TxM from first principles to a suggested organisational structure and outlines a number of questions that organisations need to take into account when considering the business case for a TxM system. Read more here: NCSC Guidance