With all the competing time and budget demands on charities, cyber security is something that’s often not approached very proactively.
This is ironic when you consider the vulnerable nature of a lot of charity service users and the sensitive nature of the data they process.
If charities want to meet the Charity Commissions core responsibilities around cyber security for charities, they can’t afford to leave it to chance or shift all responsibility to someone external – it’s a charity’s trustees and leaders who are culpable if the worst should happen (and it happens more often than it should), so it’s their job to have at least a basic understanding of the vulnerabilities their charities face.
Fortunately, there are a number of easy to digest and low-cost resources on the web where charities can brush up on their knowledge.
Charity Digital News has listed the main hubs of cyber security information for charities below.
NCSC – Cyber security small charities guide
The National Cyber Security Centre (NCSC), part of national security centre GCHQ, provides advice and support for the public and private sector on avoiding data security threats – they are your go-to source for plain English cyber security information.
Their guide specifically for small charities summarises low cost, simple techniques to improve cyber security within charities, and is available as a handy PDF guide to download, as well as an infographic with just the main points – worth printing and sticking to the wall!
NCSC – 10 steps to cyber security
The NCSC’s ’10 steps to cyber security’ are not charity-specific but catered towards the boards of all organisations. The government-issued information on this website revolves around ten key steps to a sound security strategy, such as configuring your systems and networks securely, managing user privileges, educating staff, using the right malware protection, and ensuring data is protected when out and about.
There is a high-level PDF as well as more in-depth technical advice sheets on each step, and the site provides a good overview on why protecting your data is a board-level responsibility.
NCSC – Cyber Essentials
Following on from the ‘ten steps’, the government’s Cyber Essentials scheme offers practical, step-by-step advice on what basic controls to put in place to protect your data, jargon free and on a single webpage – there is also a handy checklist at the end to check your progress.
Organisations can apply to be Cyber Essentials certified, working at a pace to suit them, providing certainty to potential partners and service users that their IT is suitably secure (certification is audited every 12 months by the NCSC and costs £300).
To read the full Charity Digital News article click here.