National Cyber Security Centre
Businesses helped to keep home workers secure with NCSC cyber exercise
'Home and remote working' exercise has been added to the Exercise in a Box toolkit.
- The National Cyber Security Centre launches exercise to help small businesses test their cyber resilience while staff work remotely
- ‘Home and Remote Working’ exercise will form part of a series in the highly successful Exercise in a Box toolkit
- Measure is latest in a range of support NCSC has offered for home workers since the coronavirus outbreak
BUSINESS owners are being urged to help keep their home working staff safe from cyber attacks by testing their defences in a roleplay exercise devised by the NCSC.
The ‘Home and Remote Working’ exercise is the latest addition to the National Cyber Security Centre’s highly successful Exercise in a Box toolkit, which helps small and medium sized businesses carry out drills in preparation for actual cyber attacks.
Launched last year, the toolkit sets a range of realistic scenarios which organisations could face, allowing them to practise and refine their response to each.
The latest exercise – the tenth in the series - is focused on home and remote working, reflecting the fact that for many organisations this remains a hugely important part of their business.
Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, yesterday said:
“We know that businesses want to do all they can to keep themselves and their staff safe while home working continues, and using Exercise in a Box is an excellent way to do that.
“While cyber security can feel daunting, it doesn’t have to be, and the feedback we have had from our exercises is that they’re fun as well as informative.
“I would urge business leaders to treat Exercise in a Box in the same way they do their regular fire drills – doing so will help reduce the chances of falling victim to future cyber attacks.”
The exercise follows a range of products developed by the NCSC – which is a part of GCHQ – to support remote working during the coronavirus pandemic, including advice on working from home and securely setting up video conferencing.
The new ‘Home and Remote Working’ exercise is aimed at helping SMEs to reduce the risk of data compromise while employees are working remotely.
The exercise focuses on three key areas: how staff members can safely access networks, what services might be needed for secure employee collaboration, and what processes are in place to manage a cyber incident remotely.
Some of the most popular exercises include scenarios based around ransomware attacks, losing devices and a cyber attack simulator which safely imitates a threat actor targeting operations to test an organisation’s cyber resilience.
As part of the exercises, staff members are given prompts for discussion about the processes and technical knowledge needed to enhance their cyber security practices. At the end an evaluative summary is created, outlining next steps and pointing to NCSC guidance.
A spokesperson for Eventura, a managed services and business systems firm, yesterday said:
“Exercise in a Box is just like the monthly fire alarm test or evacuation drill, it’s part of the preparation for a real event and the best way to learn and improve on anything is by doing it.
“It’s a fantastic tool that’s free, well thought-out, easy-to-use and can help improve an organisation’s security posture – what’s not to love in that?”
Exercise in a Box is an evolving tool and since it was launched the NCSC has continued to work on the platform. It has recently been given a new refreshed look to make it even more intuitive for users and soon micro-exercises – ‘bite-sized’ exercises that focus on a specific topic – will be added.
Notes to Editors
The UK government is fully committed to defending against cyber threats and set up the National Cyber Security Centre (NCSC) as part of GCHQ in 2016.
The NCSC is the UK’s lead technical authority on cyber security and offers unrivalled real-time threat analysis, defence against national cyber attacks and tailored advice to victims when incidents do happen.
The NCSC has published a variety of guidance aimed at organisations, on topics including:
- Small businesses moving their physical operations online
- Setting up video conferencing services securely
- Increasing home working
The NCSC’s Active Cyber Defence programme last year took down 190,000 fraudulent sites and stopped 140,000 phishing attacks.
Latest News from
National Cyber Security Centre
Update to the Cyber Essentials technical controls30/11/2021 16:25:00
In January 2022, the NCSC will introduce the biggest update to Cyber Essentials technical controls since its launch.
UK schoolgirls encouraged to enter new-look codebreaking contest24/11/2021 13:25:00
Register your team for the CyberFirst Girls Competition 2022 ahead of the opening round.
NCSC commits to improving equality, diversity and inclusion as report shows progress but room for improvement remains23/11/2021 13:05:00
This year's report measures industry-wide progress since 2020, and captured new benchmarks including disability, neurodiversity and seniority.
Guidance for retailers to prevent websites becoming Black Friday cyber traps23/11/2021 09:15:00
The NCSC encourages small online shops to protect their customers from cyber criminals over key shopping period.
Record number of cyber incidents mitigated as NCSC protects vaccine rollout18/11/2021 11:15:00
The NCSC's 2021 Annual Review highlights the work undertaken to protect the UK over the past 12 months.
National Cyber Security Centre Annual Review 2021 Launch17/11/2021 13:39:00
Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, Steve Barclay, yesterday gave a speech at the launch of the National Cyber Security's 2021 Annual Review.
EmPowered: Hundreds of school pupils take part in cyber-themed week of learning15/11/2021 09:15:00
Schoolchildren across the UK have been taking part in events this week designed to bring the world of cyber security to life.
NCSC statement on cyber incident affecting the Labour Party03/11/2021 15:20:00
The NCSC is currently supporting the Labour Party with an ongoing cyber incident.