Safer, Stronger Communities


What Is GDPR and How Will It Affect My Charity?

In the first of a series looking at GDPR and what it means for charities, Andrew Cross, Data and Insights Lead at Lightful, one of the only GDPR Certified Practitioners in the beyond profit sector, explores the basics of the new regulations.

If you’ve not heard of the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, then where have you been hiding? OK, so maybe you’ve heard of it but not actually done anything about it yet. Don’t worry, it isn’t too late to read up and start on the road to compliance.

GDPR is a replacement for the Data Protection Act (DPA, 1998). It aims to standardise the way Personally Identifiable Information (PII) is dealt with by Data Controllers (i.e. organisations that collect personal data) and Data Processors (i.e. a third party you share data with) that exist within the EU, or that operate outside of the EU and process data on EU nationals. If you are processing personal data within the UK, we advise that you register with the ICO as soon as possible.

Ultimately it gives back control and ownership of data to the individual. In terms of compliance, this should be what you adhere to now; however, it will not be enforced until 25 May 2018.

Data controllers vs processors
Let’s take Charity A as an example. This charity will generally be considered a Data Controller, collecting the data of supporters in order to engage and communicate with them in a variety of ways. One of these ways may be to send out direct mail via a fulfilment house (which would take on the role of a Data Processor). The vast majority of charities will fit into the Data Controller category and will be ‘processing’ some data even if that means just ‘storing’ the information. And it isn’t just supporter data; it also applies to staff data, service user data, trustee data etc.

I hate to break it to you but…
GDPR doesn’t just affect the charity sector. It’s sector-wide. It affects every organisation, no matter your size or whether or not you have a ‘data person’, so decide now who is going to lead on GDPR compliance in your organisation. And… if you fall foul of the law, you will face consequences, which could include a fine from the ICO, enforcement notices, audits and even possible prosecution. Read more about the action the ICO could take.

To read the full Charity Digital News Article click here.

Reasons Why Cyberattacks Succeed Are Revealed

Security professionals have named the main reasons why cyberattacks are successful, providing an insight into the areas charities need to protect.

Malware protection specialist Lastline surveyed attendees at the Black Hat 2017 security conference and found that nearly 55% of respondents have suffered a cyberattack within their respective organisations, with 20% being hit with ransomware. While human error is a contributing factor behind these attacks, the survey also found scarce resources to help security teams respond, and a lack of best practices being implemented to prevent future attacks.

Results of the survey include:

  • Human error continues to be a key cause of cyberattacks: 84% of respondents whose company has suffered a cyberattack attribute it, at least in part, to human error, likely exacerbated by understaffed security teams and a flood of alerts and false positives. 43% say technology detected the attack but the security team took no action, while another 41% attribute the attack to a combination of technology and human error.
  • Ransomware is on the rise, but not necessarily effective: One in five organisations has been victimised by ransomware. Of those hit, just eight percent actually paid the ransom while nearly two-thirds refused.
  • Information resources to understand and mitigate attacks are scarce: Overall, 42% of respondents have no helpful source about the specific attack and are left to figure it out themselves, while 52% seek online information from security experts and vendors, and another 19% rely on peers.
  • Organisations are playing roulette with infected computers: Only 28% of respondents follow best practices and erase and rebuild a computer’s software after a potential malware attack. Seventy percent either manually erase (46%) or rely on AV tools to identify and clean the malware (24%), often resulting in the malware staying in place on the infected machine to continue its attack.
  • Cybercrime: risk versus reward: Despite the recent rise in ransomware, just one percent believes it is the most profitable crime with the lowest risk of getting caught. That distinction goes to cyber espionage (43%) followed by enterprise financial fraud/embezzlement (31%), and identity theft and online banking fraud (25%).
  • The case for preemptive hacking: When questioned whether hackers should be hired to test security systems, six out of ten respondents were open to the idea, suggesting a willingness to try every possible resource to ensure effective security. Only 43% responded with a definite “no.”

“The threat of a cyberattack is something that organisations have to deal with on a daily basis,” said Christopher Kruegel, CEO, Lastline. “This survey highlights the need to adopt best practices and equip security teams with better tools to eliminate false positives and provide crucial information to help them prioritise and address those events that present the highest potential risk.”

Source: Charity Digital News Article.


From Me to We: The Benefits of Collaboration (Infographic)

Trends are always coming and going, but one that’s seemingly here to stay is the focus on workplace collaboration and engagement. It’s a popular trend for the charity sector too, with many charities building IT strategies around collaboration. A good example can be found in our interview with The Big Issue.

This trend has shifted the focus away from individuals and onto teamwork, as highlighted in this infographic by PGi, the provider of collaboration software and services. Highlighting the benefits of collaborative working, it’s well worth a look.

To view the Charity Digital News Infographic image click here.


Sandwell Safer 6 Campaign to launch with Fire Station Open Day

Sandwell’s autumn Safer 6 campaign is back – and launches with an action-packed open day for all the family at Haden Cross Community Fire Station on Saturday 23 September. The Safer Sandwell Partnership campaign, now in its eighth year, runs for six weeks and includes a focus week for each of the six towns.

Safer 6 is all about partner organisations targeting their efforts and providing extra reassurance during the darker nights, fireworks and bonfire season – a time when crime and anti-social behaviour can rise.

Sandwell Mayor Councillor Ahmadul Haque MBE will officially launch the campaign at a special open day at 10.30 am on Saturday 23 September. The event at Haden Cross Community Fire Station, Halesowen Road, Cradley Heath, runs from 10 am to 4 pm and everyone is welcome.

Get crime prevention advice from West Midlands Police and Sandwell Crime Prevention Panel, watch a chip pan fire demonstration by West Midlands Fire Service and check out Sandwell Council’s Youth Bus promoting young people’s services.

Enjoy music with Black Country Radio and learn about getting fit and active with Sandwell Leisure Trust.
Attractions include face painting, glitter tattoos, a bouncy castle, dance, make-up sessions, a raffle, refreshments and much more.

Each town will have a focus week during the campaign, as follows.
• 25 September to 1 October: Rowley Regis
• 2 – 8 October: Oldbury
• 9 – 15 October: Tipton
• 16 – 22 October: West Bromwich
• 23 – 29 October: Wednesbury
• 30 October – 5 November: Smethwick

Look out for details of activities in your town over the coming weeks at

Follow the campaign on Twitter using the #Safer6 hashtag.

GM2LF Crime Prevention Events

The Grace Mary to Lion Farm Big Local Partnership is working with the local police and Citizens Advice Sandwell, to help prevent crime in your area.

GM2LF Partnership invite you to go along to one of the crime prevention briefing events on 13, 26 & 27 September and 5 October. You can register for a crime pack on:

• Vehicle Prevention
• Burglary Prevention
• Shed Prevention

Click here to find out the venues of the briefings

Visit GM2LF’s website

Government Commits to Strengthening UK Data Protection Law

In a statement of intent the Government has committed to updating and strengthening data protection laws through a new Data Protection Bill – a move that will have an impact on the charity sector and how it manages data.

The new bill, the government says, will provide everyone with the confidence that their data will be managed securely and safely. Research shows that more than 80% of people feel that they do not have complete control over their data online.

Right to be forgotten
Under the plans individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. This will also mean that people can ask social media channels to delete information they posted in their childhood.

The reliance on default opt-out or pre-selected ‘tick boxes’, which are largely ignored, to give consent for organisations to collect personal data will also become a thing of the past.

Businesses will be supported to ensure they are able to manage and secure data properly. The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue higher fines, of up to £17m or 4% of global turnover, in cases of the most serious data breaches.

Matt Hancock, Minister of State for Digital said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

The Data Protection Bill will:
• Make it simpler to withdraw consent for the use of personal data
• Allow people to ask for their personal data held by companies to be erased
• Enable parents and guardians to give consent for their child’s data to be used
• Require ‘explicit’ consent to be necessary for processing sensitive personal data
• Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
• Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
• Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
• Make it easier for customers to move data between service providers

To read the full Charity Digital News article click here.

Thousands More People To Get Online Thanks To National Lottery Funding

A pioneering initiative that supports people to improve their digital skills is being extended for a further three years thanks to £4m of National Lottery funding from the Big Lottery Fund.

The programme, One Digital, aims to support people to get online or to develop their basic digital skills through the help of Digital Champions, who have been trained to provide one-to-one support. This second phase of funding will be used to expand the programme and transform digital skills. It aims to reach another 40,000 people through 4,000 Digital Champions, improving the digital skills of those who can benefit most.

Results from the programme’s first phase found that of those surveyed, more than 80% said they have more confidence in their basic digital skills, a better understanding of the benefits of digital technologies, and increased motivation to use them.
One person said: “It has changed my life. I had no confidence in myself. But once I learned to use the iPad, to get in touch with people, I actually started to do things that I have always wanted to do but have never had the confidence to do. I am learning to swim! And I have joined an art class. All because I got a bit more confidence in myself through going to the computer sessions.”
Together, One Digital will benefit young adults seeking work, over 65s, charities and the people they support. Having better digital skills and more confidence will enable people to access essential online services, search and apply for jobs and stay in touch with friends and family.

Steve Hampson, Head of Innovation & Programmes at Age UK, said: “Being confident in your own digital skills isn’t just a nice to have; improved digital skills enable people to apply for jobs, pay bills and get the most cost-effective goods and services.
“The success of the first phase of One Digital shows just how much can be achieved when diverse organisations work together. We’re particularly pleased to have established a strong cohort of Digital Champions with a common and active interest in supporting digital inclusion. We look forward to the second phase of One Digital which will enable us to support many more people to get online, learn new skills and get more out of the digital world.”

Joe Ferns, Big Lottery Fund UK and Knowledge Director, said: “It’s important people of all ages have the opportunity to develop the right digital skills. This National Lottery funding will enable communities across the country to learn from one another and confidently navigate the digital world, whether it’s accessing online services or connecting with friends.”

The consortium partners include Age UK, Citizens Online, Clarion Housing Group, Digital Unite and the Scottish Council of Voluntary Organisations, and the service will be delivered through hundreds of local organisations, enabling even more people to get involved.

Source: Charity Digital News

Organisations Failing to Measure Cybersecurity Effectiveness

Charities are being encouraged to measure the effectiveness of their cyber security investment after new research suggested organisations are failing to check if they’re spending money well.

Thycotic’s first annual 2017 State of Cybersecurity Metrics Report found that more than half of respondents in the survey (58%) scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices.

The survey, which analyses key findings from a Security Measurement Index (SMI) benchmark, is based on internationally accepted standards for security embodied in ISO 27001, as well as best practices from industry experts and professional associations.

With global companies and governments spending more than $100 billion a year on cybersecurity defences, a substantial number, 32% of companies, are making business decisions and purchasing cyber security technology blindly. Even more disturbing, more than 80% of respondents fail to include business users in making cybersecurity purchase decisions, nor have they established a steering committee to evaluate the business impact and risks associated with cybersecurity investments.

Additional key findings from the report include:
• One in three companies invest in cybersecurity technologies without any way to measure their value or effectiveness.
• Four out of five companies don’t know where their sensitive data is located, and how to secure it.
• Four out of five fail to communicate effectively with business stakeholders and include them in cybersecurity investment decisions.
• Two out of three companies don’t fully measure whether their disaster recovery will work as planned.
• Four out of five never measure the success of security training investments.
• While 80% of breaches involve stolen or weak credentials, 60% of companies still do not adequately protect privileged accounts—their keys to the kingdom.
• Small businesses are targeted in two out of three cyberattacks.
• Sixty percent of small businesses go out of business six months after a breach.

“It’s really astonishing to have the results come in and see just how many people are failing at measuring the effectiveness of their cybersecurity and performance against best practices,” said Joe Carson, Chief Security Scientist at Thycotic. “This report needed to be conducted to bring to light the reality of what is truly taking place so that companies can remedy their errors and protect their businesses.

“We put out this report not only to show the errors that are being made, but also to educate those who need it on how to improve in each of the areas that are lacking. Our report provides recommendations associated with better ways to educate, protect, monitor and measure so that improvements can be implemented.”

To download the full 2017 State of Cybersecurity Metrics Report and view all the findings from the Security Measurement Index benchmark survey, click here.

Source: Charity Digital News

Preparing for GDPR and Data Protection Reform

As of 25th May 2018, every organisation that holds personal client data must become compliant with the new GDPR regulations. We know that understanding how these new regulations will affect your organisation’s processes can be difficult, but NCVO have helpfully compiled a ‘12 Point Plan’ (based on the ICO guidance) to assist you in adopting these new regulations into practice.

1 – Make sure the right people in your organisation know this is coming
Your trustee board and senior staff should be aware that the law is changing.  They need to know enough to make good decisions about what you need to do to implement GDPR. They need to be aware that implementation may take considerable time and effort and add data protection to your risk register if you have one.

2 – Identify what data you hold and where that data came from
If you don’t know what personal data you hold and where it came from you will need to organise an audit of your different systems and departments to find out. This means all personal data including employees and volunteers, service users, members, donors and supporters and more. You should document your findings as GDPR means you must keep records of your processing activities. You should also record if you share data with any third parties.

3 – Update your privacy notices
You must always tell people in a concise, easy to understand way how you intend to use their data. Privacy notices are the most common way to do this. You may well already have privacy notices on your website for example but they will all need to be updated. Under GDPR privacy notices must give additional information such as how long you will keep data for and what lawful basis you have to process data. The ICO has guidance on GDPR compliant privacy notices.

4 – Check your processes meet individuals’ new rights
GDPR will give people more rights over their data. For example GDPR gives someone the right to have their personal data deleted. Would you be able to find the relevant data and who would be responsible for making sure that happened? Get to know the eight rights and have the systems in place to be able to deliver on each of them.

5 – Know how you will deal with ‘subject access requests’
Individuals have the right to know what data you hold on them, why the data is being processed and whether it will be given to any third party. They have the right to be given this information in a permanent form (hard copy). This is known as a subject access request.  Your organisation needs to be able to identify a subject access request, find all the relevant data and comply within one month of receipt of the request. The ICO gives guidance on handling subject access requests.

To read the full article from NCVO please click here.

Charities Could Lose a Third Of Staff If They Don’t Get A Grip On Digital Skills

The government has signalled its intention for the UK to lead on technology: its digital strategy, published earlier this month, commits to training millions of people. Yet little has been done to map the current state of digital skills in charities.

Earlier this year we surveyed the sector for our charity digital skills report on how charities are using technology and the challenges they face. Almost 500 charity professionals from a range of organisations across the UK responded. The results are worrying.

Our report shows that the sector is struggling as skills gaps and a lack of funding seriously impede progress. Charities told us they fear missing out on fundraising opportunities if their organisations do not get to grips with digital, and could lose touch with their supporters. A significant number of staff are considering leaving if progress isn’t made.

Main Findings

A lack of digital strategy is hampering charities’ progress: 50% of charities don’t have one. Yet 80% of respondents to our survey want their leadership team to provide a clear vision of digital and what it could help them achieve, while 66% want a good digital strategy – so this is not due to a lack of willing.

Without a digital strategy in place, time and money can be wasted on digital activities that become an end goal in themselves. A good strategy involves thinking more comprehensively about how digital can help achieve your charity’s goals and how to get there.

The reason why some charities don’t have a strategy seems to be partly because they don’t see digital as a priority. Of the charities surveyed 50% told us that they are facing other challenges, all of which are seen as more important. Dave Evans, product marketing manager at Skills Platform, says “digital appears to be pushed down the priority list. One respondent told us that boards and senior managers dismiss it as just being about social media or websites. Digital skills should really be seen as business skills.”

66% of charities are worried that they remain unprepared for the shift towards digital fundraising.

To view the full report of the Charity Digital survey results click here.

To read the full Guardian Voluntary Sector Network article click here.
