"so if gchq are in the business of protecting the nation"
You might want to read up on this part of GCHQ - https://www.cesg.gov.uk/Pages/homepage.aspx (Just ignore the .aspx bit, I'm sure they are jolly secure)
They have created a security qualification called "Cyber Essentials" (and Plus) and provided a framework for accreditation etc etc. It's not bad. Download their self assessment sheets and follow them through at home and work (if you can). It's a very good first start.
If everyone passed that in the UK then all we'd have to worry about is our own govt and assorted agencies. Divide and conquer: simples!
(No I haven't read the whole article - just got here from /. )
Biting the hand that feeds IT
