Skip to content

Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack. It is completely free, and you don’t have to be an expert to use it. The service provides exercises, based around the main cyber threats, which your organisation can do in your own time, in a safe environment, as many times as you want.

Why should you do it?

Charities, small businesses, and public sector organisations hold just as much sensitive data as large organisations, but rarely have the same resources for securing it. Most organisations know that the Information Commissioner’s Office can issues fines of up to £17.5 million following breach of sensitive data, but did you know individuals can file separate claims for compensation? Sensitive data is even being stolen and used to extort charities for millions in ransom payments.  

Using the Sensitive Data Leak scenario from the National Cyber Security Centre’s Exercise in a Box toolkit, our team of Ethical Hackers will challenge your data protection policies and processes in a discussion based exercise aimed at improving your organisation’s resilience to extortion and sensitive data leaks. 

This exercise is split up into 3 injects, with several discussion points covering a variety of topics, including:

  • Your organisation’s logging and monitoring of internal sensitive data 
  • Your processes for securely offboarding a disgruntled employee 
  • Internal escalation of a security incident and the legal considerations

*Please note our current offering is for Public and Third sector organisations. Private sector organisations can book a session by emailing [email protected]

This session is now fully booked, to be placed on our waiting list email [email protected].

9:30 am