Businesses assisted in keeping home workers secure with NCSC cyber exercise
16 July 2020
BUSINESS OWNERS are being urged to help keep their home working staff safe from cyber attacks by testing their defences in a roleplay exercise devised by the National Cyber Security Centre (NCSC). The ‘Home and Remote Working’ exercise is the latest addition to the NCSC’s highly successful ‘Exercise in a Box’ toolkit, which helps businesses (notably SMEs) carry out drills in preparation for actual cyber attacks.
Launched last year, the toolkit sets a range of realistic scenarios which organisations could face, allowing them to practise and refine their response to each. The latest exercise – the tenth in the series, in fact – is focused on home and remote working, reflecting the fact that, for many organisations, this remains a hugely important part of their business.
Sarah Lyons, the NCSC’s deputy director for economy and society engagement, observed: “We know that businesses want to do all they can to keep themselves and their staff safe while home working continues. Using ‘Exercise in a Box’ is an excellent way to do just that. While cyber security can feel daunting, it doesn’t have to be. The feedback we’ve received from our exercises is that they’re fun as well as being informative.”
Lyons went on to comment: “I would urge business leaders to treat ‘Exercise in a Box’ in the same way they do their regular fire drills. Doing so will help reduce the chances of falling victim to future cyber attack episodes.”
The exercise follows a range of products developed by the NCSC – itself a part of GCHQ – to support remote working during the Coronavirus pandemic, including advice on working from home and securely setting up video conferencing.
The new ‘Home and Remote Working’ exercise is aimed at helping businesses to reduce the risk of data compromise while employees are working remotely.
The exercise focuses on three key areas: how staff members can safely access networks, what services might be needed for secure employee collaboration and what processes are in place to manage a cyber incident remotely.
Some of the most popular exercises include scenarios based around ransomware attacks, losing devices and a cyber attack simulator which safely imitates a threat actor targeting operations to test an organisation’s cyber resilience.
As part of the exercises, staff members are given prompts for discussion about the processes and technical knowledge needed to enhance their cyber security practices. At the end of the process an evaluative summary is created, outlining next steps and pointing to the NCSC guidance.
A spokesperson for Eventura, a managed services and business systems firm, said: “The ‘Exercise in a Box’ is just like the monthly fire alarm test or evacuation drill. It’s part of the preparation for a real event. The best way to learn and improve on anything is by doing it. ‘Exercise in a Box’ a fantastic tool that’s free, well thought-out, easy-to-use and can help improve an organisation’s security posture. What’s not to love in that?”
‘Exercise in a Box’ is an evolving tool and, since it was launched, the NCSC has continued to work on the platform. It has recently been given a new refreshed look to make it even more intuitive for users. Very soon, micro-exercises – ie ‘bite-sized’ exercises that focus on a specific topic – will be added.
The NCSC is the UK’s lead technical authority on cyber security and offers unrivalled real-time threat analysis, defence against national cyber attacks and tailored advice to victims when incidents do happen. Last year, the NCSC’s Active Cyber Defence Programme took down 190,000 fraudulent sites and stopped 140,000 phishing attacks.