Irrespective of whether the ransom is paid, a ransomware attack means organisations have lost control of their information.

Why sharing lessons learned from cyber security incidents and ‘near misses’ will help everyone to improve

A summary of the NCSC’s analysis of the May 2020 US sanction which caused the NCSC to modify the scope of its security mitigation strategy for Huawei.

A summary of the NCSC’s security analysis for the UK telecoms sector

Technical report on best practice use of this fundamental data routing protocol.

Joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of diversity and inclusion in the cyber security industry.

The 2nd joint report between the NCSC and KPMG UK benchmarks against the 2020 findings to gauge what progress has been made.

An updated report from the NCSC explaining how UK law firms – of all sizes – can protect themselves from common cyber threats.

The year four report covers 2020 and aims to highlight the achievements and efforts made by the Active Cyber Defence programme.

Key findings from the 5th year of the Active Cyber Defence (ACD) programme.

Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.

Two ways organisations can enable access and maintain the security benefits of zero trust even when parts of the infrastructure can’t implement the zero trust principles.

Detect and prevent malicious software and viruses on your computer or laptop.

Guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).

Advice on the choice, implementation and use of automated vulnerability scanning tools for organisations of all sizes.

How to set up and use video conferencing services, such as Zoom and Skype, safely and securely

Guidance to help you to choose, configure and deploy video conferencing services such as Zoom and Skype within your organisation

Guidance for organisations wishing to deploy products that use IPsec.

Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.

This guidance is aimed at service owners and security specialists involved in the provision of online services.

Many everyday items are now connected to the internet: we explain how to use them safely.

Tips to help you purchase items safely and avoid fraudulent websites.

Managing ‘unknown assets’ that are used within an organisation.

Guidance to help CEOs in public and private sector organisations manage a cyber incident.

Advice and recommendations for mitigating this type of insider behaviour.

A step by step guide to recovering online accounts.

How to design, use, and maintain secure networks.

Guidance for members of the public, website administrators and JavaScript developers in relation to the recently publicised cryptocurrency mining compromises of several websites

Advice for Dixons Carphone customers following its data breach.

Guidance outlining the risks of locally installed products interacting with cloud services, and suggestions to help organisations manage this risk.

Good practises for the management of public domain names owned by your organisation.

How organisations can avoid staff burnout during an extended period of heightened cyber threat.

How to make sure your organisation is prepared for home working.

Outlining the expectations for the minimum requirement for forensic visibility, to help network defenders secure organisational networks both before and after a compromise.

Advice for organisations experiencing a ransomware attack and the partner organisations supporting them.

Assessing the cyber security needs of major events.

Managing the cyber security of high profile events in the real and virtual worlds.

Guidance to help farmers improve the security and resilience of their business against cyber threats.

How to ensure your organisation’s SMS and telephone messages are effective and trustworthy.

How to communicate more effectively with board members to improve cyber security decision making.

Recommended authentication models for organisations looking to move ‘beyond passwords’.

When organisations might face a greater threat, and the steps to take to improve security.

Advice for organisations on the acquisition, management and disposal of network devices.

How to protect ‘smart’ security cameras and baby monitors from cyber attack.

Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.

Cyber security-themed videos, blogs and interviews from industry experts are supporting students and teachers.

Our updated multi-factor authentication (MFA) guidance recommends organisations use techniques that give better protection against phishing attacks.

Recommended authentication models for organisations looking to move ‘beyond passwords’.

Vulnerability Scanning solutions offer a cost-effective way to discover and manage common security issues.

How NCSC guidance can help organisations detect and protect themselves from credential abuse.

We publish the results of our ACD 2.0 external attack surface management (EASM) trials

An update on the work to make Principles Based Assurance (PBA) usable in practice.

…or ‘Why do people leave sensitive data in unprotected AWS S3 buckets?’

Publication of the UK’s process for how we handle vulnerabilities.

Remote system administration provides powerful and flexible access to systems and services.

Questions to ask your suppliers that will help you gain confidence in their cyber security.

Using the cloud securely should be your primary concern – not the underlying security of the public cloud.

Raising a cheer for SaaS vendors who respond to our cloud security principles.

A new initiative, aimed at 11 to 14-year-olds, that helps them navigate the risks of online life.

Chris Ensor highlights some important elements of the NCSC’s new Technology Assurance strategy.

An NCSC assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years.

Our research shows that using Serverless components makes it easier to get good security in the cloud

Simon Arnell, co-founder of Configured Things, describes how the NCSC For Startups programme helped the company solve an intelligence community challenge.

Explaining the forthcoming NCSC Technology Assurance Principles.

Assessing the cyber security threat to UK Universities

Assessing the cyber security threat to UK organisations using Enterprise Connected Devices.

Focused on automating UEFI firmware updates on Windows devices.

A structured look at what data to collect for security purposes and when to collect it.

The NCSC has published a new RFC on Indicators of Compromise to support cyber security in protocol design – and hopes to encourage more cyber defenders to engage with international standards.

Ian Levy, the NCSC’s departing Technical Director, discusses life, the universe, and everything.

Worked examples for Operational Technology and Virtualised systems, using the NCSC’s secure design principles

The NCSC’s e-learning package ‘Top Tips For Staff’ can be completed online, or built into your own training platform.

A new visual guide to the cyber security principles that are essential when developing and managing ‘smart cities’.

Managing the cyber security of high profile events in the real and virtual worlds.

Implementing asset management for good cyber security.

Guidance for organisations that use, own, or operate an online service who are looking to start securing it.

An architecture pattern for safely importing data into a system from an external source.

Check that you’re talking to a genuine NCSC employee, and not a criminal.

This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR.

How to implement a secure end-to-end data export solution

Advice and recommendations for mitigating this type of insider behaviour.

How to avoid malware sent using scam ‘missed parcel’ SMS messages, and what to do if your phone is already infected.

Two ways organisations can enable access and maintain the security benefits of zero trust even when parts of the infrastructure can’t implement the zero trust principles.

This guidance is aimed at service owners and security specialists involved in the provision of online services.

Why macros are a threat, and the approaches you can take to protect your systems.

Protecting your organisation’s telephony systems from cyber attacks and telecoms fraud.

How organisations can map their supply chain dependencies, so that risks in the supply chain can be better understood and managed.

Free online tool from the NCSC prevents cyber criminals using your email to conduct cyber attacks.

New presentation includes voiceover and insights on ransomware attack on the British Library.

Listen to all five episodes now, covering a wide range of cyber security topics.

An update on the work to make Principles Based Assurance (PBA) usable in practice.

How to design, use, and maintain secure networks.

How to ensure data cannot be recovered from electronic storage media.

Outlining the expectations for the minimum requirement for forensic visibility, to help network defenders secure organisational networks both before and after a compromise.

How to ensure your organisation’s SMS and telephone messages are effective and trustworthy.

How to get the most from penetration testing

New ‘Content Credentials’ guidance from the NSA seeks to counter the erosion of trust.

Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.

A new NCSC research paper aims to reduce the presence of ‘unforgivable’ vulnerabilities.

We thank participants and look forward to sharing what we’ve learned