How to Apply the New National Cyber Security Centre (NCSC) Toolkit to Your Business

The UK’s top cybersecurity specialists urge business executives to take a more active role in boosting their organisation’s cybersecurity as online threats continue to skyrocket.

The National Cyber Security Centre, part of GCHQ, has released new resources as part of its Cybersecurity Board Toolkit to help businesses become more secure.

This updated Board Toolkit is designed to assist board members and senior leaders across medium and large organisations to be more confident in discussing cybersecurity with key stakeholders.

While most board members do not have to be cybersecurity experts, they should know enough to discuss issues with critical personnel. The Board Toolkit helps members better understand the organisation’s cyber risk profile.

Here is a closer look at the refreshed recommendations and how working with cybersecurity experts can help your business and board members successfully govern online risk.

Create the Right Environment

Embedding Cybersecurity into Your Organisation: Cybersecurity goes beyond having “good IT” in the workplace. It should be integrated into risk management and decision-making, and all business divisions should know their cybersecurity responsibilities.

  • Thrive addresses cybersecurity gaps in your organisation by providing various expert, professional, and consultative services with an agnostic approach to identifying and prioritising risks that drive business decisions.

Developing a Positive Cybersecurity Culture: Security culture defines how employees should think about and approach security in an organisation. People, not just technology or processes, keep an organisation secure.

  • At Thrive, we provide employee training and education to help them understand the importance of cybersecurity and how to identify and prevent attacks. Building a security culture and reducing the risk of human error are now more essential than ever.

Growing Cybersecurity Expertise: Senior management should invest in staff, hire outside experts, and build a talent pipeline with specialised cybersecurity knowledge.


Get the Right Information to Support Decision Making

Identifying Critical Assets in Your Organisation: Risk management requires understanding how technical assets support business goals. The board must convey critical objectives to technical experts.

  • At Thrive, our cybersecurity services begin with comprehensive risk assessments to help businesses understand their unique vulnerabilities and develop a bespoke plan to protect them.

Understanding the Cybersecurity threat: Prioritising threats is necessary to avoid ineffectively defending against everything. It is essential to keep current, identify threats, and undertake threat assessments routinely.

  • With multi-layered end-user protection, Thrive protects your organisation in real-time to identify attacks and mitigate breaches. We provide holistic security solutions for your organisation to protect sensitive data in the Cloud and at all end-user access points.

Risk Management for Cybersecurity: Cybersecurity risk should be included in your overall risk management strategy rather than treated as a single topic (or as only an IT risk).


Take Steps to Manage Those Risks

Implementing Effective Cybersecurity Measures: Basic cybersecurity measures can limit cyber assaults and their reputational, financial, and legal effects. However, you must also customise your defences to your organisation’s top threats.

  • Thrive offers 24x7x365 monitoring and detection with top-of-the-line technology, ensuring that businesses are always protected.

Collaborating with Your Supply Chain and Partners: Building a clear picture of your suppliers (and working with them to establish their sub-contractors) is critical to gaining assurance that threats from the supply chain are understood and risks mitigated.

  • As a business, you need the best cybersecurity resources, trusted external partners, and the latest technology platforms that help to discover operational security gaps. Thrive helps develop a comprehensive action plan to remedy and mitigate threats.

Planning Your Response to Cyber Incidents: Cybersecurity events can cost an organisation money, productivity, reputation, and customers. Being prepared to recognise and promptly respond to problems can prevent the attacker from doing further harm and limit the financial and operational impact.

  • Besides data and revenue loss, your business could lose customer trust and have a tarnished brand reputation. Thrive’s disaster recovery services have helped companies recover quickly and minimise downtime.


Contact Thrive today to learn how we can help your business stay secure in today’s digital age.

6 top IT trends experts believe we’ll see in 2023

Meanwhile, there have been concerns around a skills shortage in IT. Rusty King, CTO of the European division of managed services company Thrive, said this has made companies eager to retain their existing IT staff.

King said this desire to retain staff is also linked to the ongoing cost-of-living and energy pricing crisis.

“Match this up with home or hybrid working practices in place from the pandemic and the introduction of a younger workforce with different desires and collaboration practices, we will see far more ingenious flexible working patterns and locations,” King said.

King added that this could lead to more professional services-as-a-service opportunities for managed service providers (MSPs), in order to provide “some stability in case of IT team losses”.

2023 threat predictions: Beware ‘economic uncertainty’ for the cybersecurity community

End-users are the top cybersecurity threat in 2023, says Chip Gibbons, CISO at Thrive:

Business Email Compromise (BEC) will continue to be a top attack method from cyberattackers and the easiest way into an organization. With the increase in zero-day attacks, people are going to be looking at reducing their externally available footprint. Multi-factor authentication (MFA) will be ubiquitous, and nothing should be externally available without it.

10 Top Cybersecurity Predictions for 2023

“MFA will be ubiquitous and nothing should be externally available without it,” said Chip Gibbons, CISO at Thrive, a provider of next-gen managed services.

14 lessons CISOs learned in 2022

“The Log4j vulnerability was a wake-up call for a lot of people in the industry,” says Chip Gibbons, CISO at Thrive.

Thrive to shift managed service M&A focus to Southeast, Midwest, and abroad, CEO says

Thrive Operations, a private equity-backed IT managed services and consulting provider, is in
active conversations with four targets as it focuses on new domestic and international
geographies, said CEO Rob Stephenson.


A Nottingham-based IT support company has been snapped up by US cybersecurity and digital transformation specialist Thrive.

Thrive’s Acquisitive MSP Strategy Jelling With Custard Technical Buy

‘It’s the wild, wild West in terms of managed services and managed security services,’ says CEO Rob Stephenson after his firm’s acquisition of U.K. firm Custard Technical Services.

Thrive Acquires Custard Technical Services to Expand U.K. and Global Footprint

Thrive, number 50 on the Channel Futures MSP 501 list, has acquired U.K.-based Custard Technical Services. Custard specializes in managed services in the East Midlands and surrounding areas. The acquisition is designed to allow clients of Custard to benefit from Thrive’s managed cybersecurity, cloud services, and automation platform.

The Single Cause Behind Most Vulnerabilities and How to Solve It

Having been involved in hundreds of vulnerability assessments I can confidently say that most issues have a single underlying source.  The discovered vulnerability could be an increased risk of ransomware exposure, buffer overflows, elevation of privileges, denial of service, weak encryption, etc.  Regardless of the diversity of the vulnerabilities, there is commonly a single deficiency within the organization that led to the risk.  It is a crucial component of any solid cyber security framework, yet it remains one of the least appreciated and maintained areas of Information Technology.  By now, you may have guessed, that I’m referring to patch management.

Inevitably, a vulnerability assessment will overturn workstations, servers, switches, firewalls, routers, wireless access points, hypervisors and countless other devices which all need to be patched. Consequently, the IT department is consumed with months of maintenance windows to get everything updated.  After many late nights, every piece of infrastructure is finally fully patched.  The IT department can finally get a good night’s sleep!  Unfortunately, it won’t last long because while all of those patches were getting installed more vulnerabilities were discovered which will require more patching.  This is the never-ending struggle of patch management.

It’s true that most IT departments have a pretty good handle on patching workstations and servers by leveraging automated patching solutions.  However, that addresses only a small piece of the typical IT infrastructure.  What’s a sleep deprived IT department to do to keep up with the tidal wave of patches? It’s simple, embrace Thrive’s NextGen services.

  • Offload all server and hypervisor patching responsibility by transferring workloads to one of Thrive’s many cloud solutions.
  • Deploy ThriveCloud managed firewalls, switches and wireless access points to allow for automated patch and firmware deployments during scheduled maintenance windows.
  • Leverage Thrive’s 3rd party patching solution to update often overlooked and highly vulnerable software like Java, Acrobat and Zoom.

For more information on Thrive’s NextGen managed services, CONTACT US TODAY!