What is the NCSC?
The National Cyber Security Centre (NCSC) is the UK Government organisation responsible for advising and assisting the public and private sectors in improving cyber security, and for supporting the most critical organisations in the country to remain secure. It is part of Government Communications Headquarters (GCHQ).
The NCSC also provides guidance and incident response measures when serious or widespread cyber issues are identified, in order to help minimise the overall impact on the UK.
The NCSC is based in London and became operational in late 2016, bringing together the activities of the Communications-Electronics Security Group (CESG), the Centre for Cyber Assessment (CCA), Computer Emergency Response Team UK (CERT UK) and the cyber-related responsibilities of the Centre for the Protection of National Infrastructure (CPNI).
You can find out more about the NCSC at https://www.ncsc.gov.uk/.
NCSC advice and guidance
The NCSC has produced advice and guidance on a range of cyber security subjects, including:
- Data breaches: https://www.ncsc.gov.uk/guidance/data-breaches
- Malware and ransomware: https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
- Password administration: https://www.ncsc.gov.uk/collection/passwords
- Phishing: https://www.ncsc.gov.uk/guidance/phishing
- Recovering a hacked account: https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
- Remote working/home working: https://www.ncsc.gov.uk/guidance/home-working
- Shopping online securely: https://www.ncsc.gov.uk/guidance/shopping-online-securely
- Suspicious emails, phone calls and text messages: https://www.ncsc.gov.uk/guidance/suspicious-email-actions
- Vulnerability management: https://www.ncsc.gov.uk/guidance/vulnerability-management
The NCSC also provides guidance based on person or type of organisation, including:
- The small business cyber security guide: https://www.ncsc.gov.uk/collection/small-business-guide
- The small charity cyber security guide: https://www.ncsc.gov.uk/collection/charity
The NCSC has also collated guidance into ‘collections’. The ‘top tips for staying secure online’ guidance collection includes:
- Strong passwords: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/use-a-strong-and-separate-password-for-email
- Patching software: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/install-the-latest-software-and-app-updates
- Two-factor authentication: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/activate-two-factor-authentication-on-your-email
- Using password managers: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers
- Securing tablets and smartphones: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/secure-your-tablet-or-smartphone-with-a-screen-lock
- Backing up important data: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/always-back-up-your-most-important-data
NCSC guidance for businesses and other organisations
One of the best-known pieces of NCSC guidance is ‘the 10 steps to cyber security’. First published in 2012, this guidance is now used by a majority of the FTSE 350 and provides a simple view of ten areas that will help organisations protect themselves against the majority of cyber-attacks.
There’s also a white paper – “Common Cyber Attacks: Reducing the Impact” – to help organisations understand what a common cyber-attack looks like and how attackers typically carry one out.
The NCSC has also focussed on providing useful advice about the incident response process, with exercises to help organisations work out where they are in terms of preparedness and practise their responses.
The ‘Exercise in a Box’ looks at the fundamental elements of cyber resilience, and the ‘cyber incident creation’ guidance helps organisations design and test more tailored responses.
Cyber Essentials
Cyber Essentials is the scheme developed by the NCSC to define, promote and assess good security practices. Cyber Essentials looks at security ‘controls’ in five key areas:
- Firewalls
- Secure configuration
- User access control
- Malware protection
- Patch management
It is estimated that proper implementation of the controls set out in Cyber Essentials will protect a business from around 80% of common cyber-attacks, so there’s a strong organisational benefit. It also demonstrates to stakeholders that an organisation takes security seriously.