A brief introduction to the National Cyber Security Centre, what we’re doing for colleges’ cyber security and opening a conversation about what else we should be doing. We’ll cover a number of (free!) NCSC products and guidance that can really help raise individual colleges’ and universities’ cyber resilience that you may or may not be aware of, and talk about our future plans. Presentation delivered by Hannah H., NCSC, as part of the Virtual Bridge Session series. Follow along at https://twitter.com/Virtual_Bridge​ and see what's coming up next at https://bit.ly/VBsessions

1. The National Cyber Security Centre at
Your Service
Hannah H
23rd March 2021

2. Helping to make the UK the safest place to live and work online
2
The NCSC:
• understands cyber security, and distils this
knowledge into practical guidance for all
• responds to cyber security incidents to
reduce the harm they cause to organisations
and the wider UK
• uses industry and academic expertise
to nurture the UK's cyber security capability
• reduces risks to the UK by securing public
and private sector networks

3. Introducing myself and my role

4. You may know us from products and
services such as….

5. Cyber Essentials
and Cyber Essentials Plus
IASME as sole certification body now
Readiness tool - https://getreadyforcyberessentials.iasme.co.uk/
Any feedback?

6. 1.Strong and separate passwords for email
2.Strong passwords by using three random words
3.Save passwords in your browser
4.Turn on 2FA (two factor authentication)
5.Update your devices
6.Back up your data
Cyber Aware campaign – the basics

7. Covid-related advice – and new topics
Moving from physical to digital
Video conferencing
Guidance on Cyber Insurance

8. Staff awareness training
Top Tips for Staff e-learning
Can be embedded in your own ELM system
Being updated
What about students?

9. Alerts and Advisories
Through our website
CiSP?
Weekly bulletins on open source cyber security stories
https://www.ncsc.gov.uk/section/keep-up-to-date/
Weekly threat reports

10. Exercise in a Box
Simulated and table-top exercises
Free!
Scenarios based on common cyber incidents
Gives advice afterwards

11. The Cyber Security Toolkit for Boards
• Guidance to support board members get up to speed on a topic they may not be
familiar with
• Designed primarily for corporate boards - but messages relevant to any board in
any sector (e.g. school governors, charity trustees)
• Nine key modules on key cyber security topics
• Followed by questions board members may wish to ask their technical experts

12. 12

13. Suspicious Email Reporting Services
report@phishing.gov.uk
Looks at reporting emails to see if there is suspicious activity
(i.e. looks to be phishing emails sent via a domain, investigates
it and, if UK based, looks to take it down)
4 million reports in the first year1

14. Reporting / Incidents
Do you have an incident management plan?
Who would you report to?
• Police Scotland
• Jisc?
• us?
• Scottish government
Our incident management info

15. For more technical staff

16. Ten Steps to Cyber Security
Detailed guidance on how larger organisations can protect themselves
in cyberspace.
Currently being updated

17. ‘Active Cyber Defence’ – My NCSC
Web Check – for common website vulnerabilities
Mail Check – to protect against mail spoofing
Early Warning – soft launch – automated alerts if network abuse
activity is seen or suspected, so warns of potential threats
against the network.

18. Read all about it…
Ransomware alert for the sector: Sept 2020
Ransomware alert for the sector: March 2021
Mitigating ransomware & malware attacks

20. Which have you heard of?
Which are you using?
What else do you need?
What are the barriers?
How else can we reach you?
Hannah.h@ncsc.gov.uk