Please note: all guidance and information contained in this post was correct at the time of publishing, but may now be out of date.

Where can I get reliable cyber security help and advice?

Jul 15, 2020 | Cyber Essentials

For many organisations, especially micro and small businesses, finding credible, understandable and helpful advice can be challenging.  The list below signposts to some of the trusted websites that can help you on your cyber journey.

The National Cyber Security Centre (NCSC) is the UK’s technical authority on cyber security. From supporting the most critical organisations in the UK to working with the wider public sector, industry, SMEs and individuals to build resilience against cyber attacks, the NCSC’s mission is to make the UK the safest place to live and work online.

Their website and LinkedIn pages provide a wealth of authoritative information available as text and / or infographics. You can find information on many individual cyber security topics such as phishing, home working and ransomware. There is also a range of more general guidance such as:

Small Business Guide Quick and easy to understand guidance to help protect small businesses.  An actions checklist is also available via the NCSC website.

Small Charities Guide The topics covered in the guidance are easy to understand and the solutions are either free or low cost.

10 steps to cyber security  Breaks down information into key components and provides advice on how to achieve good security across each of the elements.

The Cyber Aware website has excellent simple advice written in plain English. Check out the advice about staying secure online.

Action Fraud is the UKs national reporting centre for cybercrime. You also will find plenty of practical advice on its website.  If you’re unfortunate enough to be a victim of crime, their website has an area labelled ‘victim resources’ .

Action Fraud covers cyber crime and fraud experienced in England, Wales and Northern Ireland.  In Scotland, cyber crime should be reported to Police Scotland.

The Regional Organised Crime Units (ROCUs) are trusted partners  of the National Cyber Security Centre who act as Regional points of contact.

Trusted bodies such as banks and solicitors, or, trade bodies such as the local Chamber of Commerce, the Federation of Small Business or sector specific trade bodies often run cyber security seminars, webinars or training for their ‘members’.   Check out their newsletters or websites which may provide event details or include useful advice, guidance, hints and tips.

Training courses – To get some good introductory knowledge or to train your staff, check out The Open University’s free courses. They offer a free 8 week online course in Cyber Security ( 24 hours in total). There are a number of training providers of good quality training including Immersive Labs and Bob’s Business.

IASME is the National Cyber Security Centre’s delivery partner for the Cyber Essentials scheme as well as the industry assurance schemes, Cyber Incident Exercising and Cyber Incident Response Level 2. IASME certifies organisations to a number of certifications including IASME Governance and Cyber Essentials/ Cyber Essentials Plus all of which assess organisations against recognised good cyber security practice.

If your company is thinking about, or in the process of, getting certified , help and guidance is available from IASME every step of the way. You can prepare your answers to the self-assessment by downloading the questionnaire. This allows you to conduct a gap analysis before submitting your application on the assessment platform. You can download the Cyber Essentials and IASME Cyber Assurance self-assessment questions completely free.

Cyber Essentials Readiness Tool
The Cyber Essentials Readiness tool is a free resource on the IASME website. As you work through the interactive questions, you will understand whether the cyber security in your organisation meets the requirements for Cyber Essentials. If there are areas where you need to put more controls in place, you will get a link to guidance about how to make those changes. At the end of this process, based on your answers, you will get a list of actions outlining what steps you need to take to prepare for Cyber Essentials.

Cyber Essentials Knowledge Hub
The Cyber Essentials Knowledge Hub is central source of trusted, up-to-date information about the Cyber Essentials scheme which grows and evolves each year. You can search or browse the contents of the Knowledge Hub to find reliable information and support to help answer your questions and guide you through the Cyber Essentials certification process. You will find information about tech and cyber basics, scoping your assessment, the five controls, software support periods, sector specific guidance, and scheme updates. 

Cyber Advisors
Assured Cyber Advisors are cyber security consultants that have passed an NCSC assessment and work for an assured advisor organisation. They can support your organisation to put in place basic cyber security measures, and also help you to achieve Cyber Essentials certification. Importantly, Cyber Advisors have been assessed against whether they can understand and communicate with small organisations to give proportionate and sensible cyber security support. Find an NCSC approved cyber advisor near you.

Should you require assistance with your applications, IASME has trained and licensed over 300 Certification Bodies who will be able to help you understand the assessment questions, explain how they relate to your business and outline what steps you need to take in order to achieve certification. Our Certification Bodies are based throughout the UK and Crown Dependencies.  You can find your nearest certification body via  https://iasme.co.uk/certification-bodies/

If you have any initial questions about the certification requirements there is a LinkedIn group run by IASME called, ‘ Cyber Essentials Advice Group ‘. You can post your questions and IASME will give you free advice.

The list of websites and sources of support is intended to be a guide to start you on your cyber journey.  It is not an exhaustive list and there will be other credible sources that may carry the information you seek.