top of page

Financial, Legal and Property sectors can access free tools for cyber resilience

Professional services are always a target to cyber criminals due to the data they hold and the trust they have with clients.

Someone giving a presentation to others in an office

According to the Cyber Security Breaches Survey 2022

54% of finance and insurance firms and 47% of admin/real estate firms have identified breaches or attacks in the last 12 months

Meaning the professional services are above average compared with other sectors.

But the good news is that there are some amazing resources that professional services can access, for free, backed by the Government and policing.

Why are they free?

Businesses are vital to the economy, and they are currently a huge, and lucrative, target for cyber criminals, which if allowed to continue might result in businesses having to close due to cyber-attacks, people losing their jobs and ultimately the whole community suffering.

One of the key priorities for policing is the prevention of crime so making as many businesses as possible aware of these resources, and using them, is vital to prevent the cyber criminals being able to steal people’s livelihoods.

There is no catch involved either. These are not cut down versions which you can upgrade if you pay (which actually has the functionality you want). Free means just that - no strings, obligations or sales pitches attached.

Non-technical tools

The Eastern Cyber Resilience Centre logo

Membership with the Eastern Cyber Resilience Centre – sign up for our free membership and receive a monthly newsletter as well as our “Little Steps” emails giving easy to understand guidance about steps you need to implement to achieve Cyber Essentials. You can also access our affordable student services and our Forum where you can meet others in your sector.

Chambers Cyber Security - Cyber Security questionnaire to be completed by Chambers to share with Legal Firms (as their clients) to provide assurance about the safety of data shared with Chambers.

NCSC Cyber Action Plan - Learn how to protect yourself or your small business online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and two-factor authentication, and get a free personalised list of actions that will help you improve your cyber security. This is a great place to start your resilience journey and quickly identify areas that need improvement.

Screenshot of the front page of the incident response template

Incident Response Plan - To help you minimise the impact of a cyber-attack we have created a Cyber Incident Response Plan for you to use. Create a plan and then use Exercise in a box to test its effectiveness.

NCSC Exercise in a Box - An online tool which helps organisations test and practise their response to a cyber-attack. It is completely free, and you don’t have to be an expert to use it. It includes two exercises, a technical simulation, and a table-top exercise. You just need to register for an account. If you are not confident of running this aloe, your local cyber protect officer can help you for free (no strings attached). Contact us for more details.

NCSC Board toolkit icon

NCSC Board Toolkit - Boards are pivotal in improving the cyber security of their organisations. The Board Toolkit has been designed to help board members get to grips with cyber security and know what questions they should be asking their technical experts.

NCSC Cyber Security Training for Staff - Your staff are your first line of defence against a cyber-attack. The NCSC has developed an e-learning training package ‘Stay Safe Online: Top Tips for Staff’ to help educate your staff on a range of key areas including phishing, using strong passwords, securing your devices and reporting incidents.

Technical tools

NCSC Early warning icon

NCSC Early Warning – receive high level alerts, in daily and weekly summaries, based on your IP and domain names, containing:

  • Incident notifications suggesting an active compromise of your system. This might be a host on your network being infected with malware.

  • Network Abuse Events suggesting your assets have been associated with malicious or undesirable activity. This might be a client on your network found scanning the internet.

  • Vulnerability and Open Port Alerts suggesting vulnerable services running on your network, or undesired applications are exposed to the internet. This might be an exposed Elasticsearch service.

Police CyberAlarm - help your business understand and monitor malicious cyber activity. Police CyberAlarm acts like a "CCTV camera" monitoring the traffic seen by a member's connection to the internet. It detects and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities. Vulnerability Scanning can be added and used to scan an organisations website and external IP addresses.

NCSC Logging Made Easy - helps organisations to install a basic logging capability on their IT estate enabling routine end-to-end monitoring of Windows systems. Logging is crucial if you want to detect and catch cyber attackers. LME can:

  • Tell you about software patch levels on enrolled devices

  • Show where administrative commands are being run on enrolled devices

  • See which users are using which machine

  • In conjunction with threat reports, LME allows you to search for the presence of an attacker in the form of Tools, Techniques and Procedures (TTPs)

NCSC Scanning Made Easy – a collection of NMAP Scripting Engine Scripts, designed to help system owners and administrators find systems with specific vulnerabilities. The script will output simple-to-read results including a description of the vulnerability and a link to the vendor security advisory. Running this script often and following the linked vendor advice will help to keep your network secure.

Affordable services

Group of people putting their hands in the middle

Ok, these aren’t free, but they are affordable, and we do mean affordable. We want every company operating to be able to access essential cyber resilience services.

We work with local universities to identify students who have the skills and aptitude to work in the cyber industry. They are trained and mentored by senior ethical hackers to be able to deliver these services.

Our students get amazing real-world experience, while your company gets an amazing service from students who are enthusiastic and dedicated to getting it right.

All the services are bespoke to your company, so pricing is based on what you need. You can a free, no obligation quote so you can see how affordable our services are. Why not contact us to find out more?

Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.

Our members can benefit from a range of services, from helping you improve your cyber resilience through our “little steps” programme to being notified about the threats relevant to you.

Why not join our community today?

Policing led – business focused.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page