10 steps to cybersecurity

In order to help UK companies, including law firms, remain ahead of emerging cyber threats, the National Cyber Security Centre (NCSC) has refreshed its guidance. Jonathan Ashley, director at etiCloud, outlines the key changes.


The NCSC’s 10 steps to cybersecurity is a collection of advice created specifically to support information security officers and cyber professionals, and to help them ensure their business is protected from cyberattack.

The 10 steps provide a summary of the key areas that medium to large organisations must consider in relation to cybersecurity, including:

  • asset management
  • engagement
  • training
  • data security
  • incident management

In one of the steps, the NCSC advises that every business should start by reviewing their approach to risk management. That means taking a risk-based approach to securing data and systems to make sure the firm is prepared for every cybersecurity eventuality.

The other nine steps address technology, systems and information, and how to ensure each is protected against cyberattack, thus allowing the company to achieve its business objectives.

Updates to the NCSC’s 10 steps to cybersecurity

Presented at CYBERUK, the original 10 steps to cybersecurity were first published in 2012.

Each of the steps has been updated in line with the NCSC’s wider cybersecurity guidance.

The updated steps reflect:

  • the challenges associated with the increased use of cloud services
  • the ever-present and changing nature of ransomware attacks
  • the rise in homeworking across all industry sectors caused by the pandemic

A key point to note is that the steps now address selected topics, such as data protection, in more detail.

The NCSC has also included a new section relating specifically to supply chain security because of the rise of these types of cyber incident.

However, the basics of good cyber prevention and practice remain as follows:

  • understand your organisation’s risks
  • implement appropriate mitigations
  • be prepared for cyber incidents

Unfortunately, there is no point pretending cyberattacks aren’t real – they are. They have the potential to be extremely damaging both financially and reputationally for any law firm, irrespective of size or turnover.


etiCloud is an affiliate partner of the Law Society. etiCloud already delivers flexibility through its agile digital workplace for over 200 UK law firms in the SME market.
