Improving Organisational Cyber Security

Having now resolved the vulnerability the Operation Configured team notified you of, this is the best opportunity for you to review how your organisation approaches it’s overall Cyber and Information Security. This page contains a summary of advice including a number of free resources from the Police and UK’s National Cyber Security Centre (NCSC). We also have more comprehensive advice on the SEROCU Cyber web pages under the Cyber Protect programme.

In 2021, four out of ten UK businesses reported that they had experienced a cyber security breach or attack (DCMS Cyber Breaches Survey 2021). Charities, education and the public sector are all significant targets of cyber attacks.


The guidance provided by the National Cyber Security Centre can’t guarantee protection from all types of cyber attack, but it does show how easy it can be to protect your organisation’s data, assets, and reputation.

Strategic Cyber Security:

Managing Vulnerabilities and Threats:

Strategic Cyber Security

It is important that cyber and information security feature as a key consideration for the organisational leadership, are discussed at the highest level and the risks exist and are addressed on your risk register. Cyber security is NOT just an Information and Communication Technology function as there are both policy and people considerations as well.

Starting out with Cyber Security

NCSC Small Business Collection Covers

The Small Business Collection from the National Cyber Security Centre (NCSC) is suitable for any small to medium enterprise who is new to thinking about Cyber Security and would like to get the foundations right first with clear guidance on quick and simple wins. There are two sets of guidance – the Small Business Guide and the Response and Recovery Guide. The Small Business Guide is structured around five key topic areas:

  1. Backing Up Your Data
  2. Protecting Your Organisation from Malicious Software
  3. Keeping Your Mobile Devices Secure
  4. Protecting Accounts – Passwords and Multi-Factor Authentication
  5. Avoiding Phishing Attacks

The Response and Recovery Guide assists in being prepared for the reality that an incident may, one day, occur to your organisation. Preparedness reduces response time and therefore minimises the damage or harm caused.

The NCSC have also produced a dedicated Small Charity Guide and guidance for the Education Sector.

Back to Top

Already Confident with Cyber Security

Large organisations or those who are already quite happy with their cyber security should instead aspire to achieving the National Cyber Security Centre’s 10 Steps to Cyber Security. This is a more comprehensive and in depth collection of guidance covering:

  1. Risk Management
  2. Engagement and Training
  3. Asset Management
  4. Architecture and Configuration
  5. Vulnerability Management
  6. Identity and Access Management
  7. Data Security
  8. Logging and Monitoring
  9. Incident Management
  10. Supply Chain Security

For larger organisations with a board structure, the Board Toolkit encourages the senior leadership to have essential conversations with their technical teams.

Back to Top

Managing Vulnerabilities and Threats

There are a number of free services available to you to support you in identifying new vulnerabilities and threats promptly. These are provided by the Police or National Cyber Security Centre and are available to any UK organisation at no cost for the service.

The following services are available free to all UK-based organisations subject to suitability and technical compatibility:

Police CyberAlarm

Police CyberAlarm is a free tool to help members understand and monitor malicious cyber activity. This service is made up of two parts; monitoring and vulnerability scanning. Membership of Police CyberAlarm will give free, regular proactive external vulnerability scans giving you the earliest notice of exposed vulnerabilities such as those the Op Configured team have informed you of.

Police CyberAlarm acts as a “CCTV camera” monitoring the traffic seen by a member’s connection to the internet. It will detect and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities. The data collected by the system does not contain any content of the traffic. The system is designed to protect personal data, trade secrets and intellectual property.

Click image to view larger version

Members of Police CyberAlarm will become part of the wider UK cyber defence network, sharing collected data with Police for analysis at local, regional and national levels to identify trends, react to emerging threats and identify, pursue and prosecute cyber criminals.

Vulnerability Scanning can be added and used to scan an organisations website and external IP addresses, providing regular reports of all known vulnerabilities.

There is no charge from the Police to use this service.

Police CyberAlarm members install a CyberAlarm Virtual Server on their premises which will be used to collect and process traffic logs from their firewall/internet gateway. Police CyberAlarm Virtual Server is easy to install using the downloadable virtual appliance, offering one-click installation. The Virtual Server will run on low-specification hardware. While full installation instructions are provided, you may require technical support to configure the connection to your firewall. You will require a dedicated firewall appliance – all in one small business solutions may not have the capability of sending logs to the Virtual Server (or any log aggregation / SIEM solution).

Use SignUp code CONFIGURED to register:

Police CyberAlarm

Back to Top

NCSC – Early Warning Service

Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.

Click image to view larger version

Early Warning filters millions of events that the NCSC receives every day and, using the IP and domain names you provide, correlates those which are relevant to your organisation into daily notifications for your nominated contacts via the Early Warning portal.

Organisations will receive the following high level types of alerts:

  • Incident Notifications – This is activity that suggests an active compromise of your system.
    For example: A host on your network has most likely been infected with a strain of malware.
  • Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
    For example: A client on your network has been detected scanning the internet.
  • Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or potentially undesired applications are exposed to the internet.
    For example: You have a vulnerable application, or you have an exposed Elasticsearch service.

Early Warning does not conduct any active scanning of your networks itself, however some of the feeds may use scan derived data, for example from commercial feeds.

Eligible Sectors: Any UK organisation with a static IP address or domain name can sign up to use Early Warning.

NCSC Early Warning

Back to Top

NCSC – Cyber-security Information Sharing Partnership (CiSP)

CiSP is the Cyber security Information Sharing Partnership. CiSP is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.

CiSP is a forum type platform separated into nodes based on geography, organisation type or threat type. Network Defenders, UK Government, the National Cyber Security Centre, ROCU Protect Network and Law Enforcement can share information promptly and securely

The Benefits of CiSP

  • Engagement with industry and government counterparts in a secure environment
  • Early warning of cyber threats
  • Ability to learn from experiences, mistakes, successes of other users and seek advice
  • An improved ability to protect their company network
  • Access to free network monitoring reports tailored to your organisations’ requirements

To become a registered CiSP member you must be:

  • A UK registered company or other legal entity which is responsible for the administration of an electronic communications network in the UK
  • Sponsored by either a government department, existing CiSP member or a regional Cyber Protect police officer or industry champion.

Join CiSP

Back to Top

Cyber Resilience Centre for the South-East

Cyber Resilience Centre for the South-East

Using a combination of police officers and cyber talent, the Cyber Resilience Centre for the South-East supports and helps protect small business, SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

​Covering the areas of Thames Valley, Oxfordshire, Berkshire, Buckinghamshire, West Sussex, East Sussex, Surrey, Hampshire, and the Isle of Wight, they are working with local Universities and the Police forces, which provides them with access to the latest local as well as national information on emerging cyber threats, criminal trends, best practice for cyber resilience and new technology to provide you with timely guidance to prepare and protect your business, staff and clients from cyber criminals.

​The Cyber Resilience Centre for the South-East provides affordable cyber security testing and training services, with the opportunity to learn how to procure private sector cyber security products, services, or resources. Whether it’s just a health check for your company or its employees, they can help with whatever your cyber needs.

​A trusted resource, they are also a straightforward place to find IASME approved Cyber Essentials and Cyber Essentials Plus Certifiers in the South East. These are recognised nationally as Trusted Partners.

​The Cyber Resilience Centre for the South-East is modelled on a successful structured collaboration acclaimed by the National Police Chiefs’ Council (NPCC). It is part of a nationwide network of not for profit centres set up by the Home Office and Business Resilience International Management.

The Cyber Resilience Centre for the South-East provides free of charge membership and further paid membership opportunities. Membership is not just for IT or Tech companies – it is highly relevant and beneficial to all sizes and types of organisations.

Cyber Resilience Centre for the South-East

Back to Top

The following services are only available to a limited range of organisations:

NCSC – Mail Check

Mail Check is the NCSC’s free platform for assessing email security compliance. It helps domain owners identify, understand, and prevent abuse of their email domains. In particular, Mail Check supports organisations in implementing the following controls:

  • Email anti-spoofing controls (SPF, DKIM and DMARC): These standards help prevent various attacks (for example, phishing and malware campaigns) that use an organisation’s email domain to trick email recipients.
  • Email confidentiality (TLS): Keeping messages encrypted and private as they are sent over the internet.

Mail Check is available to:

  • Central Government
  • Local Authorities
  • Devolved Administrations
  • Emergency Services
  • NHS Organisations
  • Academia (universities and further education colleges, and all UK schools)
  • Charities (pilot users only)

Mail Check is not currently available to the private sector.

NCSC Mail Check

Back to Top

NCSC – Web Check

Web Check checks your websites for common web vulnerabilities and misconfigurations. The checks are designed to impose low load on sites and to avoid damaging them. Web Check tells you: what you need to worry about, when you need to worry about it and what you need to do about it.

It is easy to use and doesn’t require a high level of technical skill. Potential security issues checked for include the following:

  • Whether a site’s server software is patched and up to date
  • If using a Content Management System, whether this is patched and up to date
  • Issues with the server’s certificate chains
  • A range of TLS configuration concerns and implementation errors
  • Whether site misconfiguration is suggested by inconsistency between the site loaded over HTTP and over HTTPS
  • Use of third-party resources, and whether these are loaded over HTTPS
  • Whether cross domain policy and/or cross origin resource sharing controls allow interaction from other sites

Web Check is available to:

  • Central Government
  • Local Authorities
  • Devolved Administrations
  • Emergency Services
  • NHS Organisations
  • Academia (universities, further education colleges, and all UK schools)

Web Check is not currently available to the private sector.

NCSC Web Check

Back to Top

NCSC – Active Cyber Defence

There are a number of other services from NCSC available to UK-based organisations under their Active Cyber Defence programme:

NCSC Active Cyber Defence

Back to Top

Disclaimer: The advice provided on this website is for general information only and is not intended to replace specific professional advice relevant to your organisation. Information on the website is not comprehensive and may not reflect the most recent legislation, practice, advice or application to your specific circumstances.
The South-East Regional Organised Crime Unit (SEROCU) does not accept any responsibility for any loss which may arise from reliance on information or materials published on this website.  It is not responsible for the content of external internet sites that link to this site or which are linked from it.