The National Cyber Security Centre is running pilots of two cyber security tools to help the charity sector stay safe and protected
The National Cyber Security Centre (NCSC) is running two pilots which offer free tools and resources for the UK charity sector.
The two pilots can vastly improve a charity’s cyber security. Each pilot has a limited number of spaces available, so please read on and follow the links below for more information to sign-up and register your charity.
Website vulnerabilities result from misconfigurations or software flaws that attackers exploit. Web configuration and vulnerability scanning services offer a regular and cost-effective method of checking for common problems with websites.
Web Check is a new pilot on offer to charities by NCSC. The tool examines websites and looks for common web vulnerabilities and misconfigurations. The checks are designed to impose low load on sites and to avoid damaging them.
The Web Check tool can tell charities what they need to worry about, when they need to worry about it, and what they need to do about it. It is easy to use and does not require a high level of technical skill.
Web Check can check, among other things, the use of third-party resources, issues with the server’s certificate chains, whether server software and content management systems are patched, and much more.
There are a limited number of spaces for the pilot. You can sign up here.
High-profile brands, including charities, are often spoofed by attackers using phishing emails and spreading malware. This reduces trust in these brands and allows phishing and malware campaigns to be more effective.
Email spoofing is harder if domain owners adopt Domain-based Message Authentication, Reporting, and Conformance (DMARC). DMARC helps email domain owners to control how their email is processed. Organisations that deploy DMARC can ensure that their addresses are not successfully used by criminals as part of their campaigns.
Mail Check is a pilot that will allow charities to assess email security compliance. It helps charities to set up and maintain robust DMARC, SPF, DKIM and TLS configurations. It also collects, processes, and analyses DMARC reports. It could be particularly effective for charities that have proved susceptible to phishing emails in the past.