Cyber Prepare
The Importance of Being Prepared
While most businesses invest in technologies or adopt policies that serve to protect against cyber crime, many overlook the importance of having a strategy in place in case those defences are compromised.
No cyber defence is 100% effective. Recognising that fact, and preparing for an incident in advance, is key to mitigating the impact – and may be what enables your business to survive.
As part of the UK’s National Cyber Security Strategy the Cyber Prepare network has been created to help make UK PLC more resilient against cyber attack. Prepare advice from SEROCU is currently delivered alongside the Protect message in our FREE cyber awareness sessions or boardroom exercise. Please visit the Cyber Protect page for more details:
Essential Preparation
You should consider the following measures essential to your Prepare strategy:
Multi-Factor Authentication (MFA, 2FA) – enabling this feature on every service where it is available will act as a safety net should your account passwords become compromised. This is arguably the single most effective and inexpensive Protect/Prepare component available today. Further information on MFA can be found on the NCSC website.
Back Ups – All critical data should be backed up, and stored in such a way that it cannot be compromised during a cyber attack. Remember to test and validate your back ups regularly. Further information on Back Ups can be found on the NCSC website.
Incident Management and Response – Your Incident Management and Response model will vary dramatically depending on the scale and structure of your business. Incident Response is typically broken down into six “stages”, with even those businesses that outsource their IT function having a significant role to play in steps 1, 2, 3 and 6. The stages are:
- Preparation – ensuring that the relevant response plans and policies are in place in advance.
- Identification (Detection) – recognising when an event or incident has begun and initiating the relevant response.
- Containment (Isolation) – taking steps to minimise the impact on the business.
- Eradication – removing/treating the threat.
- Recovery – restoring normal operations in an orderly fashion.
- Lessons learned – every incident is an opportunity for your business to test and fine tune existing response plans ready for the future.
Planning for incident response should be a continual and dynamic process. To get started, think about the incidents that might affect your business – ransomware, business e-mail compromise, Distributed Denial of Service (DDoS), malicious insider. You should develop individual responses (‘playbooks’) for each incident – and don’t forget, we are here to help.
You should register for, download and complete appropriate materials from the free National Cyber Security Centre “Exercise in a Box” tool. This is a live, evolving tool and new exercises will be added over time.
If you’d like us to assist you in completing the exercises, either as observers or advisors, please get in touch.
The small business guide also covers guidance that helps small to medium sized organisations prepare their response to and plan their recovery from a cyber incident. The full guide can be found on the NCSC website

Get in Touch
Contact us to start a conversation and book a training exercise:
CyberProtect@serocu.pnn.police.uk
Please be aware that our primary business audience is Small to Medium Enterprises (SMEs), though we are willing to have conversations with larger companies and any company which is victim of a significant cyber incident.
Personal Cyber Security & Privacy
For guidance on staying secure online and maximising your online privacy, please go to our dedicated pages: