The National Cyber Security Centre: Staying Safe Online
The National Cyber Security Centre produces a lot of great information to help understand cyber security, and distils this knowledge into practical guidance that we make available to all. The centre responds to cyber security incidents to reduce the harm they cause to organisations and the wider UK.
Launched in October 2016, the NCSC has headquarters in London and brought together expertise from CESG (the information assurance arm of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure (which became the National Protective Security Authority, NPSA, in March 2023)
The NCSC provides a single point of contact for SMEs, larger organisations, government agencies, the general public and departments. We also work collaboratively with other law enforcement, defence, the UK’s intelligence and security agencies and international partners.
Here are a number of tips to ensure you are doing all you can to secure you and your family online.
Protect your email by using a strong and separate password
Cyber criminals can use your email to access many of your personal accounts, always us a strong password, leaving you vulnerable to identity theft.
Install the latest software and app updates
Software and app updates contain vital security updates to help protect your devices from cyber criminals.
Turn on 2-step verification (2SV)
2-step verification is recommended to help protect your online accounts.
Password managers: how they help you secure passwords
Using a password manager can help you create and remember passwords.
Backing up your data
Safeguard your most important data, such as your photos and key documents, by backing them up to an external hard drive or a cloud-based storage system.
Three random words
Use three random words to create a password that’s difficult to crack.
Staying Educated & Informed
Continuous education in cybersecurity helps individuals develop a proactive mindset, enabling them to recognise potential threats and take preventive measures to safeguard their digital assets. Ongoing education ensures that their cybersecurity measures are up-to-date and effective in mitigating risks. It allows them to implement robust security protocols, conduct regular risk assessments, and train employees to be vigilant against emerging threats.
What are the cyber security risks in using AI?
Generative AI (and LLMs in particular) is undoubtedly impressive in its ability to generate a huge range of convincing content in different situations. However, the content produced by these tools is only as good as the data they are trained on, and the technology contains some serious flaws, including:
>>> it can get things wrong and present incorrect statements as facts (a flaw known as ‘AI hallucination’)
>>> it can be biased and is often gullible when responding to leading questions
>>> it can be coaxed into creating toxic content and is prone to ‘prompt injection attacks’
>>> it can be corrupted by manipulating the data used to train the model (a technique known as ‘data poisoning’)
Prompt injection attacks are one of the most widely reported weaknesses in LLMs (this is when an attacker creates an input designed to make the model behave in an unintended way. This could involve causing it to generate offensive content, or reveal confidential information, or trigger unintended consequences in a system that accepts unchecked input).
Data poisoning attacks occur when an attacker tampers with the data that an AI model is trained on to produce undesirable outcomes (both in terms of security and bias). As LLMs in particular are increasingly used to pass data to third-party applications and services, the risks from these attacks will grow, as we describe in the NCSC blog ‘Thinking about the security of AI systems’.
AI systems are subject to novel security vulnerabilities that need to be considered alongside standard cyber security threats. When the pace of development is high – as is the case with AI – security can often be a secondary consideration. Security must be a core requirement, not just in the development phase, but throughout the life cycle of the system.
Visiting the National Cyber Security Centre
For more information we would reccommend you visit the National Cyber Security Centre website. One specific area we would suggest is essential reading is the page on Active Cyber Defence (ACD), which seeks to reduce the harm from commodity cyber attacks by providing tools and services that protect from a range of attacks.