Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack. It is completely free, and you don’t have to be an expert to use it. The service provides exercises, based around the main cyber threats, which your organisation can do in your own time, in a safe environment, as many times as you want.
Why should you do it?
Charities, small businesses, and public sector organisations hold just as much sensitive data as large organisations, but rarely have the same resources for securing it. Most organisations know that the Information Commissioner’s Office can issues fines of up to £17.5 million following breach of sensitive data, but did you know individuals can file separate claims for compensation? Sensitive data is even being stolen and used to extort charities for millions in ransom payments.
Using the Sensitive Data Leak scenario from the National Cyber Security Centre’s Exercise in a Box toolkit, the Cyber and Fraud Centre’s team of Ethical Hackers will challenge your data protection policies and processes in a discussion based exercise aimed at improving your organisation’s resilience to extortion and sensitive data leaks.
This exercise is split up into 3 injects, with several discussion points covering a variety of topics, including:
- Your organisation’s logging and monitoring of internal sensitive data
- Your processes for securely offboarding a disgruntled employee
- Internal escalation of a security incident and the legal considerations
Register at the Cyber and Fraud Centre website
*If you are a private sector organisation and interested in attending an Exercise in a Box session, send an
email to enquiries@cyberfraudcentre.com and they will get in touch with you.