The NCSC recently refreshed their Board Toolkit, and while they’ve intended it for reasonably large organisations, there’s a lot in there that smaller organisations will find useful as well. You don’t need to be a member of a Board to get value from it.
For example, they’ve provided an introduction to cyber security, which includes short videos on topics such as:
- What is cyber security?
- Why is your organisation at risk?
- Who might attack your organisation?
- Introduction to the Toolkit for Boards.
And each of the 9 toolkit modules contains more videos, podcasts and other materials to support and explain cyber security.
These materials should help you understand why cyber security matters, and what you should be thinking about for your own organisation, even if your organisation doesn’t have a ‘Board’.
How can I use the Board toolkit for my small business?
There’s a lot of material, but the NCSC have made it as straightforward as possible, and you don’t need to review it all at once. If you haven’t really thought about cyber security for your organisation, or are new in post and need to get up to speed quickly, we suggest starting with:
- Introduction to cyber security for board members: this explains what cyber security is, and what you need to know, mostly in video form
- Board Toolkit: Executive summary: this PDF summaries the Board Toolkit, so if you prefer to read rather than watch, read this.
Then take a look at Questions for the board to ask about cyber security. This is a set of questions based around the modules in the toolkit. We suggest thinking through these questions, answering honestly, even if the answer is that you don’t know.
When you’re ready, work through the Toolkit modules. There are 9 modules, in groups of 3, looking at:
- Creating the right environment
- Getting the right information
- Taking steps to manage risks
There are more questions after each module, to help you think through the actions you might need to take. Just reframe them as being about your own business, no matter what size it is.
When you’ve had a chance to work through the material, let us know if you’ve got any questions about how to implement or improve cyber security in your own organisation; we can help. Contact us using the website form or call 0113 733 6230.