Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.

If migrating SCADA solutions to the cloud, cyber security must be a key consideration for operational technology organisations.

How Platform as a Service (PaaS) can make good security easier to achieve.

The NCSC’s CEO, Richard Horne on the new cyber governance resources giving Boards the tools they need to govern cyber security risks.

Why it’s essential to secure your APIs to build trust with your customers and partners.

New proposals will combat the growing threat to UK critical national infrastructure (CNI).

Advice on the selection and deployment of Protective Domain Name Systems (DNS).

Principles-based guidance for organisations setting up a PAW solution.

The future of the CyberFirst Girls Competition and reflecting on brilliant progress.

The merits of choosing passkeys over passwords to help keep your online accounts more secure, and explaining how the technology promises to do this

NCSC Technical Director Dr Ian Levy explains the technical impact of the recent US sanctions on the security of Huawei equipment in the UK.

Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC’s Technical Director, explains why.

The NCSC’s technical director outlines the challenges that TLS 1.3 presents for enterprise security.

Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.

Why the key milestones for PQC migration are part of building and maintaining good cyber security practice.

Why established cyber security principles are still important when developing or implementing machine learning models.

…or ‘Why do people leave sensitive data in unprotected AWS S3 buckets?’

Applying patches may be a basic security principle, but that doesn’t mean it’s always easy to do in practice.

By exploiting cloud services, organisations no longer have to choose between ‘more security’ and ‘better usability’.

Why the NCSC decided to advise against this long-established security guideline.

Whilst not a password panacea, using ‘three random words’ is still better than enforcing arbitrary complexity requirements.

NCSC Technical Director Dr Ian Levy explains how the security analysis behind the DCMS supply chain review will ensure the UK’s telecoms networks are secure – regardless of the vendors used.

Chris Ensor highlights some important elements of the NCSC’s new Technology Assurance strategy.

Latest version of the CAF focusses on clarification and consistency between areas of the CAF.

Reflecting on the positive impact of the Vulnerability Reporting Service – and introducing something new for selected contributors.

The NCSC now uses ‘allow list’ and ‘deny list’ in place of ‘whitelist’ and ‘blacklist’. Emma W explains why…

ThinkCyber’s CEO Tim Ward reflects on the challenges that startups face when developing innovative products.

New guidance to help organisations manage rogue devices and services within the enterprise.

Questions to ask your suppliers that will help you gain confidence in their cyber security.

Worked examples for Operational Technology and Virtualised systems, using the NCSC’s secure design principles

Ian Levy, the NCSC’s departing Technical Director, discusses life, the universe, and everything.

With 5G set to transform mobile services, Ian Levy explains how the UK has approached telecoms security, and what that means for the future.

If migrating SCADA solutions to the cloud, cyber security must be a key consideration for operational technology organisations.

Can a Software Bill of Materials (SBOM) provide organisations with better insight into their supply chains?

Discover the Research Institute in Trustworthy Inter-connected Cyber-physical Systems.

The ‘NCSC for Startups’ alumnus giving identity verification the ‘Trust Stamp’

Introducing the next chapter of the NCSC research problem book, which aims to inspire research on the biggest impact topics in hardware cyber security.

Andrew A explains what’s new in a significant update to the NCSC’s flagship cloud guidance.

New ‘Code of Practice for Software Vendors’ will ensure that security is fundamental to developing and distributing products and services.

How safe is it to scan that QR code in the pub? Or in that email?

New advice on implementing high-risk and ‘break-glass’ accesses in cloud services.

Jeremy B explains how the NCSC will help organisations plan their migration to PQC.

For large, complex firms struggling with the prescriptiveness of Cyber Essentials, ‘Pathways’ will provide a new route to certification.

Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.

Introducing a new set of NCSC principles to strengthen the resilience of organisations’ cloud backups from ransomware attackers.

How to protect your backups that are stored in the public cloud.

Vicky Brock of Vistalworks describes how the ‘NCSC For Startups’ programme has helped her organisation develop solutions to tackle illicit online trade.

How startups can make the most of their time when pitching to cyber security experts.

Saj Huq of Plexal explains why collaboration with the NCSC brings opportunities to the cyber security sector.

Can your startup help counter the rise of malicious advertising?

A new collection of resources from the NCSC can help take your supply chain knowledge to the next level

A new paper from the ONCD explores how metrics can influence markets to improve the cyber security ecosystem.

The NCSC’s Chief Executive Ciaran Martin outlines why the UK needs a National Cyber Security Centre.

NCSC CEO Felicity Oswald shares reflections on keeping the 2024 General Election safe.

Advice for board members of medium to large organisations that are at risk from the Apache Log4j vulnerability.

Traced Mobile Security co-founder Benedict Jones describes how ‘NCSC for Startups’ helped evolve his business.

Tips to help you secure and reduce interactive access to your cloud infrastructure.

What you need to know before buying artificially intelligent security products

How NCSC guidance can help organisations detect and protect themselves from credential abuse.

Richard C explains how an understanding of vulnerabilities – and their exploitation – informs how the NCSC assesses the security of computer systems.

Berta Pappenheim, CEO and co-founder of CyberFish, explains how the NCSC For Startups programme has transformed her professional and personal life.

If your brand uses digital advertising, the NCSC has new guidance to help you choose a security-minded partner.

If your security culture isn’t improving naturally, here’s what you can do about it.

How the funded Cyber Essentials Programme helped the ‘Law Centres Network’ protect its IT estate – and client data – from cyber attacks.

The first dedicated conference on this topic – and an insight into the NCSC assessment work behind it.

How existing NCSC guidance can assist those looking to develop and deploy ‘digital twins’.

Compromise of your software build pipeline can have wide-reaching impact; here’s how to tackle the problem.

How ‘small but actionable’ insights can improve behaviours and decision making.

Sara Ward, the CEO of Black Country Women’s Aid, discusses her organisation’s experience of gaining Cyber Essentials Plus certification.

We are encouraging large organisations to help us develop an alternative route to certification.

Latest version of the CAF reflects the increased threat to critical national infrastructure

How Platform as a Service (PaaS) can make good security easier to achieve.

The NCSC has published new cryptographic research on robust cryptography – we explain its significance and how the ideas could support research to inform future global standards.

Introducing the new NCSC research problem book and find out how you can get involved.

NCSC Technical Director Dr Ian Levy explains the technical impact of the recent US sanctions on the security of Huawei equipment in the UK.

The 10-year anniversary of Cyber Essentials is not just a celebration of past achievements but a call to action for the future.

Chris Wallis, CEO of Intruder, explains how completing the NCSC’s Startup Programme was a turning point for his organisation.

Irrespective of whether the ransom is paid, a ransomware attack means organisations have lost control of their information.

Why sharing lessons learned from cyber security incidents and ‘near misses’ will help everyone to improve

A summary of the NCSC’s analysis of the May 2020 US sanction which caused the NCSC to modify the scope of its security mitigation strategy for Huawei.

A summary of the NCSC’s security analysis for the UK telecoms sector

Technical report on best practice use of this fundamental data routing protocol.

Joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of diversity and inclusion in the cyber security industry.

The 2nd joint report between the NCSC and KPMG UK benchmarks against the 2020 findings to gauge what progress has been made.

An updated report from the NCSC explaining how UK law firms – of all sizes – can protect themselves from common cyber threats.

The year four report covers 2020 and aims to highlight the achievements and efforts made by the Active Cyber Defence programme.

Key findings from the 5th year of the Active Cyber Defence (ACD) programme.

Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.

Two ways organisations can enable access and maintain the security benefits of zero trust even when parts of the infrastructure can’t implement the zero trust principles.

Detect and prevent malicious software and viruses on your computer or laptop.

Guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).

Advice on the choice, implementation and use of automated vulnerability scanning tools for organisations of all sizes.

How to set up and use video conferencing services, such as Zoom and Skype, safely and securely

Guidance to help you to choose, configure and deploy video conferencing services such as Zoom and Skype within your organisation

Guidance for organisations wishing to deploy products that use IPsec.

Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.

This guidance is aimed at service owners and security specialists involved in the provision of online services.

Many everyday items are now connected to the internet: we explain how to use them safely.

Tips to help you purchase items safely and avoid fraudulent websites.

Managing ‘unknown assets’ that are used within an organisation.