East CRC Background .png

NCSC Support for Cyber Attacks & Resilience

The National Cyber Security Centre (NCSC) is the UK’s independent authority on

Cyber Security.

The centre has vast technical capabilities and expertise which they utilise to

produce practical guidance for businesses and the public.

They are a fantastic resource for the very latest Cyber Security advice.


The ECRC has put together some of the top resources the NCSC has produced to

make it easy for your business to access them.



Just click on the headings to get more information:

For all businesses

Cyber Action Plan

Learn how to protect yourself or your small business online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and two-factor authentication, and get a free personalised list of actions that will help you improve your cyber security.


Small Business Guide

An easy-to-understand guide with five key steps you can take to manage your cyber security risks.


10 Steps to Cyber Security

Guidance is designed to help organisations protect themselves in cyberspace. It breaks down the task of defending your networks, systems and information into its essential components, providing advice on how to achieve the best possible security in each of these areas.


Exercise in a Box

An online tool which helps organisations test and practise their response to a cyber-attack. It is completely free, and you don’t have to be an expert to use it. It includes two exercises, a technical simulation and a table-top exercise. You just need to register for an account.


NCSC Board Toolkit

Boards are pivotal in improving the cyber security of their organisations. The Board Toolkit has been designed to help board members get to grips with cyber security and know what questions they should be asking their technical experts.


Cyber Security Training for Staff

Your staff are your first line of defence against a cyber attack. The NCSC has developed an e-learning training package ‘Stay Safe Online: Top Tips for Staff’ to help educate your staff on a range of key areas including phishing, using strong passwords, securing your devices and reporting incidents.

Active Cyber Defence

The ACD programme seeks to reduce the harm from commodity cyber attacks by providing tools and services, free at the point of use, that protect against a range of cyber security threats. Tools included Protective Domain Name Service (PDNS), Web Check, Mail Check, Host Based Capability (HBC), Logging Made Easy (LME), Vulnerability Disclosure, The NCSC's Early Warning service, Suspicious Email Reporting Service (SERS), The NCSC Takedown Service and MyNCSC.

Incident Response Plan

To help you minimise the impact of a cyber attack we have created a Cyber Incident Response Plan for you to use.

For Education

Cyber Security in Schools: questions for Governors & Trustees

Questions for the governing body and trustees to ask school leaders, to help improve a school's understanding of its cyber security risks.


Cyber Security Training for School Staff

The NCSC has produced free cyber security training to raise awareness and help school staff manage some of the key cyber threats facing schools.


Early Years practitioners: using cyber security to protect your settings

How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals.

Mail Check

Mail Check helps organisations assess their email security compliance and adopt secure email standards which prevent criminals from spoofing your email domains. Currently only for Universities and Further Education Colleges.

Web Check

Web Check helps you find and fix common security vulnerabilities in the websites that you manage. Currently only for Universities and Further Education Colleges.

For Charities

Small Charity Guide

Guidance detailing five topics to increase protection from the most common types of cybercrime.

Image of tools laid out

The contents of this webpage are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of  The Eastern Cyber Resilience Centre (ECRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. ECRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


ECRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this webpage. ECRC is not responsible for the content of external internet sites that link to this site or which are linked from it.