Cyber protect your business for free: Part 3

We’ve been talking about free guidance and training to help you get started with cyber security for your small business. Today we’re going to look at a few of the useful—and free—tools that are available.

Cyber security toolkits

When you’re ready to dig a bit deeper, it’s good to have a structure in place to help you think through the issues. Knowing what questions to ask, and what to think about, is a big step forward…

  1. As well as the Exercise in a Box mentioned in last week’s post, which can help a business identify areas for improvement, NCSC has developed a toolkit designed to encourage discussion between business leaders and technical experts (the Board toolkit). Often these two groups talk very different languages, so it is useful to try and get the two together in the interests of a common goal
  2. The NCSC offers free self-service checks to help you improve the security posture of your organisation: Active Cyber Defence
  3. The British Retail Consortium (BRC) has produced a Cyber Resilience for Retail toolkit, in conjunction with the NCSC, so if you work in retail, this could be very useful.
  4. And the ICO has a self-assessment tool for small business owners and sole traders, to help you assess how well you comply with data protection law (and what to do if you are not yet fully compliant.

And a few free cyber security tools

There are a lot of tools out there to help you stay safe; we’ve listed a few here to get you started:

  1. Get Safe Online will check a website address for you, to help you decide whether or not it is a scam site. You enter a website address ( and it automatically checks the latest information available, and reports its findings. Then you can decide whether to avoid that website, or to trust it. You could check your own site too, to see if it gets the all clear.
  2. CyberAlarm is a site set up by the UK Police and funded by the Home Office. Once you’ve registered and installed the CyberAlarm Data Collector, it will identify and analyse any suspicious data being sent to your system via the internet. It can scan your website and external IP addresses for known vulnerabilities. And it will send you reports on the findings, so you know what to do to strengthen your defences.
  3. Early Warning from the NCSC uses their own information feeds, and those from other trusted and privileged sources, filters them, and sends you any information relevant to your organisation. This could include an alert on an active compromise of your system; on any indicators that your assets have been associated with undesirable activity; or on vulnerable services or applications on your network. It does not scan your network.
  4. Have I been Pwned is a site that will let you know whether or not your email address (or phone number) has been in a data breach.
  5. GetGoPhish will help you set up a phishing simulation for your business, which means you can train your staff in spotting phishing attacks.  
  6. Don’t forget that if someone calls you and says they are from your bank, you can call 159 as a safe way to contact your bank to check. See Stop, hang up and call 159 – Click and Protect

This is just a short list of the free tools and advice available to help you with cyber security. If you’re interested in further support, or if you have a particular cyber security issue that you’d like us to help with, please contact the Click and Protect team on 0113 733 6230.