Small businesses are often at risk from cyber threats, but many don’t have the time, resource, or specialist knowledge to deal with them. The Cyber Action Toolkit provides small businesses with clear, bite-sized actions to work through at their own pace, helping protect their business’s money and reputation from cyber criminals free of charge.

There are a number of free services and cyber security tools to help you protect your business. For more information and advice, view our comprehensive list of cyber security services.

What makes the Cyber Action Toolkit different?

  • Actionable guidance

    Information is broken down into manageable, step-by-step sections.

  • Progress tracking

    Businesses can track their progress and complete the toolkit in their own time.

  • Tailored design

    The toolkit has been designed with small businesses, for small businesses.

  • Starting point for cyber security

    Ideal for those who are unsure where to start, designed to build confidence and help progress to Cyber Essentials certification - the government-backed minimum standard.

The Cyber Action Toolkit creates a natural pathway towards Cyber Essentials certification - the government-backed - scheme that protects businesses against common online threats. As users progress through the toolkit's layers and gain confidence, they're building the foundations needed for Cyber Essentials, breaking down what might seem like a complex process into manageable steps that grow with their business.

If you have any issues or questions regarding any of the resources, please reach out to the Cyber Action Toolkit Team at [email protected]. We will work with you to help meet your requirements.

Guidance from the National Cyber Security Centre (NCSC)

The NCSC provides a range of free tools, guidance and support to help UK businesses make and keep themselves secure. You can find a host of information for small and medium sized organisations on the NCSC website, and links to specific guidance listed below.

  • Setting up 2-step verification

    This guidance explains how you can set up 2-step verification (2SV) on your important online accounts. Doing this makes it harder for criminals to access your online accounts, even if they know your password.

  • Three random words

    Advice on creating a strong password

  • Small Business Guide: Cyber Security

    How to improve your cyber security; affordable, practical advice for businesses. There is a PDF version available for you to download and keep.

  • Small Business Guide: Response & Recovery

    Guidance that helps small to medium-sized businesses and organisations

  • Small Charity Guide

    How to improve cyber security within your charity - quickly, easily and at low cost. Following the advice in the Cyber Security: Small Charity Guide will significantly increase your protection from the most common types of cyber crime.

  • Mitigating malware and ransomware attacks

    How to defend organisations against malware or ransomware attacks. This guidance helps private and public sector organisations deal with the effects of malware (which includes ransomware). It provides actions to help organisations prevent a malware infection, and also steps to take if you're already infected.

  • A guide to ransomware

    Ransomware is a type of malware which prevents you from accessing your device and the data stored on it, usually by encrypting your files. A criminal group will then demand a ransom in exchange for decryption. Guidance on ransomware has been provided by the NCSC.

  • Email security and anti-spoofing

    A guide for IT managers and systems administrators to help you secure your organisation's email systems.

  • Using Online Services Safely

    Small organisations often use online services (also known as ‘cloud services’) so they don’t have to worry about setting up and managing new IT infrastructure. This guidance will help you to use online services securely, so that you’re less likely to be the victim of a cyber attack.

  • Cloud security guidance

    How to choose, configure and use cloud services securely.

Guidance on NCSC services

  • Vulnerability scanning tools and services

    Advice on the choice, implementation and use of automated vulnerability scanning tools for organisations of all sizes.

  • Protective DNS for the private sector

    Advice on the selection and deployment of protective Domain Name Systems (DNS).

  • Infographics of NCSC guidance

    The NCSC also provide a repository of useful infographics aimed at small businesses, you can find those to download and keep at:

    • Small businesses - NCSC.GOV.UK
    • Organisations and cyber security professionals - NCSC.GOV.UK