Traced Mobile Security co-founder Benedict Jones describes how ‘NCSC for Startups’ helped evolve his business.

Tips to help you secure and reduce interactive access to your cloud infrastructure.

What you need to know before buying artificially intelligent security products

How NCSC guidance can help organisations detect and protect themselves from credential abuse.

Richard C explains how an understanding of vulnerabilities – and their exploitation – informs how the NCSC assesses the security of computer systems.

Berta Pappenheim, CEO and co-founder of CyberFish, explains how the NCSC For Startups programme has transformed her professional and personal life.

If your brand uses digital advertising, the NCSC has new guidance to help you choose a security-minded partner.

If your security culture isn’t improving naturally, here’s what you can do about it.

How the funded Cyber Essentials Programme helped the ‘Law Centres Network’ protect its IT estate – and client data – from cyber attacks.

The first dedicated conference on this topic – and an insight into the NCSC assessment work behind it.

How existing NCSC guidance can assist those looking to develop and deploy ‘digital twins’.

Compromise of your software build pipeline can have wide-reaching impact; here’s how to tackle the problem.

How ‘small but actionable’ insights can improve behaviours and decision making.

Sara Ward, the CEO of Black Country Women’s Aid, discusses her organisation’s experience of gaining Cyber Essentials Plus certification.

We are encouraging large organisations to help us develop an alternative route to certification.

Latest version of the CAF reflects the increased threat to critical national infrastructure

How Platform as a Service (PaaS) can make good security easier to achieve.

The NCSC has published new cryptographic research on robust cryptography – we explain its significance and how the ideas could support research to inform future global standards.

Introducing the new NCSC research problem book and find out how you can get involved.

NCSC Technical Director Dr Ian Levy explains the technical impact of the recent US sanctions on the security of Huawei equipment in the UK.

The 10-year anniversary of Cyber Essentials is not just a celebration of past achievements but a call to action for the future.

Chris Wallis, CEO of Intruder, explains how completing the NCSC’s Startup Programme was a turning point for his organisation.

Irrespective of whether the ransom is paid, a ransomware attack means organisations have lost control of their information.

Why sharing lessons learned from cyber security incidents and ‘near misses’ will help everyone to improve

A summary of the NCSC’s analysis of the May 2020 US sanction which caused the NCSC to modify the scope of its security mitigation strategy for Huawei.

A summary of the NCSC’s security analysis for the UK telecoms sector

Technical report on best practice use of this fundamental data routing protocol.

Joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of diversity and inclusion in the cyber security industry.

The 2nd joint report between the NCSC and KPMG UK benchmarks against the 2020 findings to gauge what progress has been made.

An updated report from the NCSC explaining how UK law firms – of all sizes – can protect themselves from common cyber threats.

The year four report covers 2020 and aims to highlight the achievements and efforts made by the Active Cyber Defence programme.

Key findings from the 5th year of the Active Cyber Defence (ACD) programme.

Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.

Two ways organisations can enable access and maintain the security benefits of zero trust even when parts of the infrastructure can’t implement the zero trust principles.

Detect and prevent malicious software and viruses on your computer or laptop.

Guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).

Advice on the choice, implementation and use of automated vulnerability scanning tools for organisations of all sizes.

How to set up and use video conferencing services, such as Zoom and Skype, safely and securely

Guidance to help you to choose, configure and deploy video conferencing services such as Zoom and Skype within your organisation

Guidance for organisations wishing to deploy products that use IPsec.

Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.

This guidance is aimed at service owners and security specialists involved in the provision of online services.

Many everyday items are now connected to the internet: we explain how to use them safely.

Tips to help you purchase items safely and avoid fraudulent websites.

Managing ‘unknown assets’ that are used within an organisation.

Guidance to help CEOs in public and private sector organisations manage a cyber incident.

Advice and recommendations for mitigating this type of insider behaviour.

A step by step guide to recovering online accounts.

How to design, use, and maintain secure networks.

Guidance for members of the public, website administrators and JavaScript developers in relation to the recently publicised cryptocurrency mining compromises of several websites

Advice for Dixons Carphone customers following its data breach.

Guidance outlining the risks of locally installed products interacting with cloud services, and suggestions to help organisations manage this risk.

Good practises for the management of public domain names owned by your organisation.

How organisations can avoid staff burnout during an extended period of heightened cyber threat.

How to make sure your organisation is prepared for home working.

Outlining the expectations for the minimum requirement for forensic visibility, to help network defenders secure organisational networks both before and after a compromise.

Advice for organisations experiencing a ransomware attack and the partner organisations supporting them.

Assessing the cyber security needs of major events.

Managing the cyber security of high profile events in the real and virtual worlds.

Guidance to help farmers improve the security and resilience of their business against cyber threats.

How to ensure your organisation’s SMS and telephone messages are effective and trustworthy.

How to communicate more effectively with board members to improve cyber security decision making.

Recommended authentication models for organisations looking to move ‘beyond passwords’.

When organisations might face a greater threat, and the steps to take to improve security.

Advice for organisations on the acquisition, management and disposal of network devices.

How to protect ‘smart’ security cameras and baby monitors from cyber attack.

Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.

Cyber security-themed videos, blogs and interviews from industry experts are supporting students and teachers.

Our updated multi-factor authentication (MFA) guidance recommends organisations use techniques that give better protection against phishing attacks.

Recommended authentication models for organisations looking to move ‘beyond passwords’.

Vulnerability Scanning solutions offer a cost-effective way to discover and manage common security issues.

How NCSC guidance can help organisations detect and protect themselves from credential abuse.

We publish the results of our ACD 2.0 external attack surface management (EASM) trials

An update on the work to make Principles Based Assurance (PBA) usable in practice.

…or ‘Why do people leave sensitive data in unprotected AWS S3 buckets?’

Publication of the UK’s process for how we handle vulnerabilities.

Remote system administration provides powerful and flexible access to systems and services.

Questions to ask your suppliers that will help you gain confidence in their cyber security.

Using the cloud securely should be your primary concern – not the underlying security of the public cloud.

Raising a cheer for SaaS vendors who respond to our cloud security principles.

A new initiative, aimed at 11 to 14-year-olds, that helps them navigate the risks of online life.

Chris Ensor highlights some important elements of the NCSC’s new Technology Assurance strategy.

An NCSC assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years.

Our research shows that using Serverless components makes it easier to get good security in the cloud

Simon Arnell, co-founder of Configured Things, describes how the NCSC For Startups programme helped the company solve an intelligence community challenge.

Explaining the forthcoming NCSC Technology Assurance Principles.

Assessing the cyber security threat to UK Universities

Assessing the cyber security threat to UK organisations using Enterprise Connected Devices.

Focused on automating UEFI firmware updates on Windows devices.

A structured look at what data to collect for security purposes and when to collect it.

The NCSC has published a new RFC on Indicators of Compromise to support cyber security in protocol design – and hopes to encourage more cyber defenders to engage with international standards.

Ian Levy, the NCSC’s departing Technical Director, discusses life, the universe, and everything.

Worked examples for Operational Technology and Virtualised systems, using the NCSC’s secure design principles

The NCSC’s e-learning package ‘Top Tips For Staff’ can be completed online, or built into your own training platform.

A new visual guide to the cyber security principles that are essential when developing and managing ‘smart cities’.

Managing the cyber security of high profile events in the real and virtual worlds.

Implementing asset management for good cyber security.

Guidance for organisations that use, own, or operate an online service who are looking to start securing it.

An architecture pattern for safely importing data into a system from an external source.

Check that you’re talking to a genuine NCSC employee, and not a criminal.