Resources

Links worth keeping.

A curated list of UK SME cyber and IT guidance. All free. No affiliate links.

Government & official guidance

NCSC: Small & Medium Organisations hub ↗

Plain-English advice from the UK's National Cyber Security Centre.

https://www.ncsc.gov.uk/section/information-for/small-medium-sized-organisations

Hidden business risk in legacy systems Manufacturing system resilience Malware and endpoint protection Patching & vulnerability management

NCSC: Cyber Essentials overview ↗

The UK government's baseline cyber standard.

https://www.ncsc.gov.uk/cyberessentials/overview

Independent review of IT suppliers Customer trust and security assurance Patching & vulnerability management

NCSC: Cyber Aware ↗

Six basic actions for individuals and small businesses.

https://www.ncsc.gov.uk/cyberaware

Password and account safety Cyber incident readiness Phishing & social engineering

NCSC: 10 Steps to Cyber Security ↗

The full framework. Useful for mature SMEs.

https://www.ncsc.gov.uk/collection/10-steps

Business-critical system audit Practical digital risk roadmap

NCSC: report a phishing email ↗

Forward to report@phishing.gov.uk.

https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email

Phishing & social engineering

NCSC: Exercise in a Box ↗

Free table-top exercises.

https://www.ncsc.gov.uk/information/exercise-in-a-box

Cyber incident readiness Staff training & security culture

NCSC: Logging Made Easy ↗

Free, open-source logging stack.

https://www.ncsc.gov.uk/information/logging-made-easy

Monitoring and early warning systems

NCSC: Mobile device guidance ↗

Advice on phones and tablets at work.

https://www.ncsc.gov.uk/collection/mobile-device-guidance

Mobile and remote work security

ICO: Guide to Data Protection ↗

The UK regulator's plain-English GDPR guide.

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/

Data protection and compliance readiness Customer trust and security assurance

ICO: report a personal data breach ↗

Where to notify the regulator (72-hour clock).

https://ico.org.uk/for-organisations/report-a-breach/

Protecting business data Data protection and compliance readiness Cyber incident readiness

ICO: SME web hub ↗

Plain-English data protection for small businesses.

https://ico.org.uk/for-organisations/sme-web-hub/

Data protection and compliance readiness

Action Fraud ↗

Where to report cyber crime in the UK. 0300 123 2040.

https://www.actionfraud.police.uk/

Cyber incident readiness

Self-assessment

IASME Cyber Essentials self-assessment ↗

Read the questionnaire free.

https://iasme.co.uk/cyber-essentials/

Customer trust and security assurance

NCSC: Cyber Action Plan ↗

Free online tool producing a personalised plan.

https://www.ncsc.gov.uk/cyberaware/actionplan

Business-critical system audit IT spend and risk prioritisation Practical digital risk roadmap

Microsoft Secure Score ↗

Benchmarks your M365 tenant against best practice.

https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score

Access control and accountability Password and account safety Backup and recovery confidence Staff-built systems and AI-created tools

ICO self-assessment toolkit ↗

Questionnaires that highlight data-protection gaps.

https://ico.org.uk/for-organisations/sme-web-hub/checklists/

Free tools

Have I Been Pwned ↗

Type an email. See if it's in a known breach.

https://haveibeenpwned.com

Password and account safety

Security Headers ↗

Free website security header check.

https://securityheaders.com

Monitoring and early warning systems Website and portal risk review

SSL Labs SSL Test ↗

Tests your website's TLS configuration.

https://www.ssllabs.com/ssltest/

Monitoring and early warning systems Website and portal risk review

UptimeRobot ↗

Free uptime monitoring.

https://uptimerobot.com

Monitoring and early warning systems Website and portal risk review

MXToolbox SPF / DKIM / DMARC checker ↗

Tests your domain's email authentication.

https://mxtoolbox.com/dmarc.aspx

Website and portal risk review

NCSC Mail Check ↗

Free email security check.

https://www.mailcheck.service.ncsc.gov.uk

OWASP ZAP ↗

Free automated security scanner for websites.

https://www.zaproxy.org/

Website and portal risk review

Standards & certification

IASME ↗

Certification body for Cyber Essentials.

https://iasme.co.uk

Customer trust and security assurance

BSI: ISO 27001 ↗

Heavier-weight information-security management standard.

https://www.bsigroup.com/en-GB/iso-27001-information-security/

Customer trust and security assurance

CIS Controls v8 ↗

Free, prioritised list of cyber controls.

https://www.cisecurity.org/controls

OWASP: Top 10 ↗

The original web-application security risk list.

https://owasp.org/Top10/

Website and portal risk review

OWASP: ASVS ↗

What to ask developers and pen-testers to check.

https://owasp.org/www-project-application-security-verification-standard/

Training & awareness

NCSC: Top Tips for Staff ↗

Free training package for staff.

https://www.ncsc.gov.uk/training/v3/Top%20tips%20for%20staff%20-%20Scorm%20v3/scormcontent/index.html

Phishing & social engineering Staff training & security culture

IASME training ↗

Affordable cyber training for small businesses.

https://iasme.co.uk/training/

Staff training & security culture

Reporting & help

NCSC: Suspected an incident? ↗

Guidance and reporting route.

https://www.ncsc.gov.uk/section/about-this-website/incident-management

Cyber incident readiness

UK Cyber Resilience Centres ↗

Regional police-led centres for SMEs.

https://www.nationalcrc.police.uk/

Worth bookmarking

NCSC weekly threat report ↗

Short, readable cyber digest.

https://www.ncsc.gov.uk/section/keep-up-to-date/threat-reports

Krebs on Security ↗

Independent cyber journalism.

https://krebsonsecurity.com