Chief Underwriting Officer
Most businesses know that cybersecurity should be a top priority - but staying up to date with such a complex and rapidly evolving area is no mean feat. And while there’s a tonne of guidance and resources available, not many of us have time to wade through it all to find the best bits. Which is why we’ve done it for you. Here are 25 of the best cybersecurity resources out there, whatever level of help and expertise you’re after:
- The NCSC. Cybercrime is a huge global threat, and the British government is heavily invested in rooting it out. To this end, they’ve provided a ton of free cybersecurity tools and resources on the National Cyber Security Centre web portal. There’s a true wealth of information here, ranging from webinars to tutorials, to up-to-date news and simple how-tos. Do some exploring, you’re sure to find something relevant to you.
- The Psychology of Information Security – Resolving conflicts between security compliance and human behaviour. This popular book, written by Leron Zenatullin, takes into account the human element of cyber-risk. A lot of cybersecurity resources focus on technical details, but this book takes a step back and looks at what is often the weakest link - people. Well worth a read for staff training purposes.
- UK IT Legal Compliance Database. IT legal compliance is a thorny and ever-changing field. If you’re unsure where your business stands, or want to check for potential red flags, this database will tell you how close you are to the legal margins.
- Akamai Blog. Akamai provides great cybersecurity services, but that’s not why we’re featuring them here. Their cybersecurity blog is one of the most up-to-date and well-written examples of its kind on the internet. Follow it to keep your finger on the cybersecurity pulse.
- Wombat Security. Similar to Akamai, Wombat has a fantastic and relevant news section which will keep you well informed of the goings-on in the world of cybersecurity. They’re particularly good at discussing (and linking) recent reports, for those of you who like a more detailed, technical look at the zeitgeist. Wombat also provides excellent training courses – although you do have to part with some cash to benefit from those.
- Sans Cyber Aces. SANS is possibly THE name in cybersecurity. They have access to the very latest developments in the field and implement these into their training programmes as quickly as they possibly can. For information on and access to cybersecurity bootcamps, events, training days, courses, and general developments, Sans Cyber Aces is the site to follow.
- Get Safe Online. Get Safe Online is a British government website which provides free, expert cybersecurity advice. There’s often a particular focus on internet child-safety, but business owners can also benefit from some of the articles and expertise offered.
- IASME. The IASME standard was created to make cybersecurity certifications more accessible to smaller organisations. IASME will assess and certify against two standards for both self-assessing and audited organisations, making it simpler for SMEs to get accredited. You can also download the standard on their website, which gives useful info on the kinds of things you should be aiming for.
- Responsible For Information. Responsible for Information is a government-led online training resource. It’s free, takes about an hour to complete, and will cover the basic cybersecurity essentials that all SMEs need to understand. It’s a great introduction to cybersecurity for businesses, and is an easy way to get started when you’re short on time and resources.
- SANS Information Center ‘Stormcast’. An easily-digestible, bite-sized cybersecurity podcast, the Stormcast is a great listen for anyone on the go. It’s American (as are most cybersecurity podcasts), but it’s still very relevant for UK businesses. After all, cyber-criminals don’t operate within national boundaries, and cybersecurity is a global issue.
- Future Learn: Introduction to Cybersecurity. Run by the Open University and certified by GCHQ, this free course is aimed at both businesses and private individuals. It will help you to understand your risk profile and take you through the basics of protecting yourself, your business, your customers, and your employees from cyber-attack. The lessons are well-planned, with plenty of useful cybersecurity examples to work through. You’ll receive a certification upon completing the course.
- The Weakest Link – Why Your Employees Might Be Your Biggest Cyber Risk. By Jeremy Swinfen Green and Paul Dorey. A must-read for anyone planning to hand any portion of their network over to employee management. It’s more of a training manual than the title appears to suggest – far from demonising employees, the authors seek to empower every member of a company to actively fight against cyber-risk.
- Securing Tomorrow – McAfee. McAfee needs no introduction, as one of the very best names in virus protection out there. Their site and blog are a great follow for anyone who wants to know about the very latest in cybersecurity innovations. It can be a bit techy at times, but in general, it is more accessible than you’d expect.
- Krebs On Security. A bit US-focused, perhaps, but this news site is well worth following if you’re interested in cybersecurity's latest. Journalist Brian Krebs has been specialising in cybersecurity since being hacked himself in 2001. He is a well-respected name in the field and really knows his stuff. He’s not afraid to dig around for his cybersecurity articles, either.
- Naked Security. Naked Security offers some free security tools for most major operating systems, which is handy. However, its best known for its computer security news. They cover all major cybersecurity incidents in detail, as well as providing useful advice on how companies and individuals can protect themselves against such threats.
- Shodan. With the IoT growing and adapting all the time, this site is becoming increasingly relevant. By letting you search devices which are connected to the internet, Shodan is great for exploring the Internet of Things, but even better for finding and plugging up potential holes in your network security.
- Bleeping Computer. A great ad-hoc resource for when your computer is doing something weird and you don’t know why. Bleeping Computer offers great practical advice for fixing common cybersecurity breaches, as well as all the latest cybersecurity news. It’s also great at highlighting events and resources like cybersecurity workshops and cybersecurity webinars, so do keep an eye on their updates.
- Cybrary. Cybrary is a totally free online library for IT and cybersecurity materials. Accounts are free, and users have access to over 500 cybersecurity courses, filtered by difficulty level. Invaluable for anyone seeking to learn a lot, fast, and for free.
- The Daily Security Tip. The Daily Security Tip is an email service which, as the name suggests, provides you with daily cybersecurity tips. The tips are actionable, and the email is pretty well put together. For something as dry as a cybersecurity email, it’s actually very readable – and even quite fun most of the time.
- The Art of Deception. This book by Kevin D Mitnick crops up on cybersecurity reading lists all the time. And for good reason. It’s a readable, easily-understandable exploration of how and why cyber-attacks happen, and what makes people vulnerable to them. Full of easily accessible cybersecurity information.
- UK Cybersecurity Forum. The UK Cybersecurity Forum represents SMEs and sole traders working in the cybersecurity field. Granted, they’re largely for cybersecurity professionals, but the forum also offers courses, training, workshops and advice for adults from all sectors. So they’re worth following.
- Practical Guide to Staying Ahead in the Cyber Security Game. Written by IBM engineer Martin Borrett, this book offers accessible cybersecurity information and practical cybersecurity advice. Best of all, it’s totally free.
- The Guardian Security Hub. The great thing about the Guardian’s hub for cybersecurity articles is that they tend to be written in layman’s terms, while managing not to compromise on content. So, it’s easy to get a lot of relevant information on all your current cybersecurity questions without having to drown yourself in technical detail. It’ll also keep you primed on relevant cybersecurity topics, and how they relate to the wider world context (something which a lot of cybersecurity information sites don’t manage so well).
- Cloud Security Resources. A repository of Google’s whitepapers, tutorials, webinars, and articles on Cloud Security. Often updated, and an essential bookmark for anyone who operates in the Cloud.
- Graham Cluley. Graham Cluley is fantastic at producing UK-relevant cybersecurity content. Podcasts, videos, blogs, articles – you name it, Graham Cluley is on it. He’s very well-informed and provides an articulate, well-balanced view on the state of modern cybersecurity. He also sometimes answers cybersecurity questions from businesses and individuals on his podcast, so it’s worth tuning in lest an answer relevant to you should crop up.
Phew! There are definitely plenty of places to turn to for all your cybersecurity needs, and we know it’s easy to get overwhelmed. So, try to keep it manageable, by picking two or three that you like the sound of and start digging in. You’ll be on top of all the latest thinking in no time.