Cyber Security in the Third Sector
We live in one of the most open digital societies in the world. This brings lots of opportunities, but it also makes us vulnerable to the ever-evolving cyber-attacks that seek to defraud, extort, exploit, steal information, damage or disrupt businesses and organisations of all sizes and across all sectors. This includes the Charity and Voluntary sector – although many organisations feel that, as a third sector organisation, they won’t be targeted. Sadly, cyber criminals don’t care!
Any organisation connected to the internet is vulnerable to cyber-attacks. This can be either targeted or non-targeted attacks. It’s a fact of digital life. Cyber-attacks are simply one of the risks of doing business and communicating in a digital age and this risk should be managed in line with other organisational risks.
With that said, undertaking some simple measures to improve your IT network security and undertaking some training and awareness for staff and volunteers is a good place to start. And never fear – a lot of this isn’t as costly or as complicated as you think it might be. It’s just knowing where to start.
The first port of call (and the main giver of information that we refer to as a “trusted source”) is the National Cyber Security Centre (NCSC). This was established in 2016 as part of GCHQ and it has the massive mission of making “the UK the safest place to live and work online”. NCSC has compiled a huge collection of resources to help third sector orgs. The Small Charity Guide is an excellent entry point and the e-learning Top Tips training is a brilliant introduction that staff and volunteers can absorb at leisure. This provides a great introduction to the cyber security topics and will significantly increase your protection from the most common types of cybercrime. If getting Board engagement is more of an issue for your charity, the Board Hub on the NCSC website has some great resources, with briefing packs and handy presentations to start that conversation.
Closer to home and with a distinctly Scottish feel, SCVO has some great “How to guides” and the fantastic Cyber Health Check tool on their website. This tool is a great place to start – spending 15 minutes going through the (non-technical) questions gives you a report which highlights the areas in which you need to improve. Better still, a follow up call with a cyber expert can be arranged – this gives you support for your next steps and how you can access technical advice or further training.
I think, in closing, it’s important to reiterate that cyber security IS important, but you never need to feel alone. There are many people available to help you. They understand that charities don’t have huge budgets to spend on security and can help you take those first steps in a supported way. Check out the resources highlighted here today.
Guest blog from Alison Stone, Data Protection Analyst EMEA at LumiraDx.
Photo by Towfiqu barbhuiya on Unsplash