Most* UK colleges and universities are already using one or more of the NCSC’s free cyber security tools, but for those of you that aren’t yet actively using their Active Cyber Defence services, you might want to look at the following:
• Web Check checks your websites for common web vulnerabilities and misconfigurations in an unobtrusive way and tells you what you should be concerned about and what you need to do about it.
• Mail Check is something we have blogged about here before. It is a service that helps with email security configuration and reporting. Mail Check helps you to setup and maintain good DMARC, SPF, DKIM and TLS configurations. It also collects, processes and analyses DMARC reports. NCSC can provide support with setting these up.
• Early Warning – Institutions can register their domains and you will be automatically informed if NCSC spot anything in their feeds that suggests malicious activity on your network. Jisc CSIRT also does this – we get threat feeds from many sources, including NCSC, and pass on relevant information to Jisc members and customers (including intelligence from our Dark Web monitoring), however we would recommend institutions also subscribe to the NCSC Early Warning Service as an additional layer of defence.
* As of mid-July 2021 70% of universities and 60% of colleges had signed up to Web Check