{"id":162,"date":"2024-05-02T11:42:00","date_gmt":"2024-05-02T10:42:00","guid":{"rendered":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/?p=162"},"modified":"2025-11-05T11:48:13","modified_gmt":"2025-11-05T11:48:13","slug":"ncsc-free-tools-what-is-exercise-in-a-box","status":"publish","type":"post","link":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/ncsc-free-tools-what-is-exercise-in-a-box\/","title":{"rendered":"NCSC Free Tools: What is Exercise in a Box?"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.ncsc.gov.uk\/\">The National Cyber Security Centre (NCSC)<\/a> is the UK\u2019s technical authority on cyber security, providing businesses and individuals with up-to-date guidance on all things cyber. Alongside distilling industry knowledge into practical guidance and helping respond to cyber incidents, the NCSC also provides a range of free tools and resources to help people support themselves in being safer online. One of these resources is Exercise in a Box, which helps organisations find out how resilient they are to cyber-attacks and allows them to practice how they would respond to an incident. This is an invaluable tool, particularly for SMEs, helping to strengthen cyber resilience at no cost.<\/p>\n\n\n\n<p><strong>What is Exercise in a Box?<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/www.ncsc.gov.uk\/section\/exercise-in-a-box\/overview\/\">Exercise in a Box <\/a>is an online tool, which is completely free to use and designed to be accessible to a non-technical audience. The service works by providing exercises that are based around the main cyber threats facing businesses. These can be accessed as many times as necessary, and require no preparation, allowing businesses to run them in their own time, at their own pace. The service works by getting users to register for a free account, allowing them to receive a personalised report upon completion, which evaluates their readiness and suggests some key ways to improve their response to a potential cyber incident.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.ncsc.gov.uk\/section\/exercise-in-a-box\/overview\/\">Exercise in a Box<\/a> provides three types of exercise, micro, table top and simulation. The types of exercise vary in duration, providing a variety of training that covers a plethora of cyber threats and vulnerabilities. Micro exercises are short and sharp and can be completed within thirty minutes. Topics covered in these succinct and interactive activities include password managers, securing video conferencing services, securing cloud productivity suites, connecting securely, using passwords, identifying, and reporting a phishing email, and responding to a ransomware attack. Table top exercises are more in-depth and take up to two hours to complete.<\/p>\n\n\n\n<p><strong>Topics covered in table top exercises include:<\/strong><\/p>\n\n\n\n<p>\u2022 Heightened Cyber Threat<\/p>\n\n\n\n<p>\u2022 Supply Chain Ransomware Attack<\/p>\n\n\n\n<p>\u2022 Supply Chain Software<\/p>\n\n\n\n<p>\u2022 Managing a Vulnerability Disclosure<\/p>\n\n\n\n<p>\u2022 Home and Remote Working<\/p>\n\n\n\n<p>\u2022 Supply Chain Risks<\/p>\n\n\n\n<p>\u2022 Threatened Leak of Sensitive Data<\/p>\n\n\n\n<p>\u2022 Bring Your Own Device (BYOD)<\/p>\n\n\n\n<p>\u2022 Third Party Software Compromise<\/p>\n\n\n\n<p>\u2022 Insider Threat Resulting in a Data Breach<\/p>\n\n\n\n<p>\u2022 Being Attacked From an Unknown Wi-Fi Network<\/p>\n\n\n\n<p>\u2022 Mobile Phone Theft and Response<\/p>\n\n\n\n<p>\u2022 A Ransomware Attack Delivered by a Phishing Email<\/p>\n\n\n\n<p><a href=\"https:\/\/www.ncsc.gov.uk\/section\/exercise-in-a-box\/overview\/\">Exercise in a Box<\/a> also offers a cyber threat simulation exercise, which takes between three and four hours to complete. This allows your organisation an opportunity to see if they would be able to locate and stop a cyber threat; practising your response and ensuring you would be prepared to deal with an incident- all in a safe and secure environment.<\/p>\n\n\n\n<p>Ultimately, <a href=\"https:\/\/www.ncsc.gov.uk\/section\/exercise-in-a-box\/overview\/\">Exercise in a Box <\/a>is an invaluable free tool to provide training and insight on many different cyber threats that are facing businesses. It helps to nurture the different aspects of cyber resilience, including being aware of risks, putting measures in place to limit these, and also being prepared in how you would respond if the worst was to happen. The possibility of a cyber crime can be reduced massively by making sure you know how to protect your organisation and staff online, but the risks can never be fully mitigated. Having a plan in place buys your organisation valuable time back if the worst is to happen, and can help to control any potential damage. It is a great online resource to use, and evolves based on user feedback, making sure it stays current, relevant, and engaging to its users.<\/p>\n\n\n\n<p>To find out more about <a href=\"https:\/\/www.ncsc.gov.uk\/section\/exercise-in-a-box\/overview\/\">Exercise in a Box<\/a> you can visit the NCSC\u2019s website here. To learn about other free tools available to businesses such as the <a href=\"https:\/\/www.ncsc.gov.uk\/cyberaware\/actionplan\">Cyber Action Plan<\/a> and the <a href=\"https:\/\/www.ncsc.gov.uk\/collection\/board-toolkit\">NCSC&#8217;s Board Toolkit,<\/a> visit the Free Tools section of our website, or go directly to the <a href=\"https:\/\/www.ncsc.gov.uk\/\">NCSC\u2019s website.<\/a><\/p>\n\n\n\n<p>How Can We Help at the ECRC?<\/p>\n\n\n\n<p>Alongside accessing the free resources made available by the NCSC, joining the ECRC as a <a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/join-us\/\">free member<\/a> ensures that you and your business are supported in making small changes online that make the biggest difference. Signing up enrols you onto our free email programme, which sends you bite-sized steps to take to improve your cyber resilience.<\/p>\n\n\n\n<p>Becoming a <a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/join-us\/\">member<\/a> also means you are signposted towards other options that are available, providing you with information on topics such as Cyber Essentials qualifications, and affordable cyber services.<\/p>\n\n\n\n<p>To join the ECRC as a free member, please click here. If you have any questions about the ECRC or wish to learn more about improving your cyber resilience, please<a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/contact-us\/\"> book a chat with us today<\/a>!<\/p>\n\n\n\n<p><strong>Reporting a live cyber-attack 24\/7:<\/strong><\/p>\n\n\n\n<p>If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call <a href=\"https:\/\/www.actionfraud.police.uk\/\">Action Fraud<\/a> on <strong>0300 123 2040<\/strong> immediately. This service is available <strong>24 hours<\/strong> a day <strong>7 days <\/strong>a week.<\/p>\n\n\n\n<p><strong>Reporting a cyber-attack which isn\u2019t ongoing:<\/strong><\/p>\n\n\n\n<p>Please report online to <a href=\"https:\/\/www.actionfraud.police.uk\/\">Action Fraud<\/a>, the UK\u2019s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.<\/p>\n\n\n\n<p>Alternatively, you can call <a href=\"https:\/\/www.actionfraud.police.uk\/\">Action Fraud <\/a>on <strong>0300 123 2040<\/strong> (textphone <strong>0300 123 2050<\/strong>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The National Cyber Security Centre (NCSC) is the UK\u2019s technical authority on cyber security, providing businesses and individuals with up-to-date guidance on all things cyber&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-162","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"acf":[],"_links":{"self":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/wp-json\/wp\/v2\/posts\/162","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/wp-json\/wp\/v2\/comments?post=162"}],"version-history":[{"count":1,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/wp-json\/wp\/v2\/posts\/162\/revisions"}],"predecessor-version":[{"id":163,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/wp-json\/wp\/v2\/posts\/162\/revisions\/163"}],"wp:attachment":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/wp-json\/wp\/v2\/media?parent=162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/wp-json\/wp\/v2\/categories?post=162"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/eastcrc\/wp-json\/wp\/v2\/tags?post=162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}