Policy

Tag Archives

A Cloud Security Checklist for Charities

It would not be an exaggeration to call it “the cloud revolution” – cloud platforms and services such as Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platforms as a Service (PaaS) have enabled organisations of all kinds to take advantage of on-demand computing power, storage and tools that would previously be unimaginable for all but the biggest budgets.

The cloud is an absolute no-brainer for charities running digital services, websites or infrastructure, but for organisations that handle sensitive constituent and donor data, security is the first concern.

Storing data in the cloud is generally safer than keeping it locally for the simple reason that major cloud providers are held to strict standards to be able to operate, and these include being responsible for customers’ data in their datacentres. As a cloud infrastructure customer, you fortunately inherit the best practises of that vendor around policies, architecture and processes built to keep security-sensitive organisations’ data safe.

However, there are a few vital checks you should make before taking the plunge with a cloud vendor:

1. Verify your provider

A provider should be able to demonstrate their adherence to security standards and best practises by showing that they comply with industry-recognised standards.

Security schemes like ISO 27001 or certification under the government’s Cyber Essentials Scheme are good ones to look out for, but there are multiple.

The Cloud Industry Forum, a professional membership body for cloud providers, lists a few of the most common security certifications and regulatory standards on its website.

To read the full Charity Digital News Article click here.

Source: Charity Digital News


Queen’s Speech Commits Government to Online Harms Law

The Government has committed itself through the Queen’s Speech to bringing in online harms legislation to protect children and vulnerable adults from digital threats.

The protection measures, outlining tougher checks on social media platforms to prevent online abuse, had been introduced by the government in April 2019 through an online harms white paper.

In this week’s Queen’s Speech the government has confirmed that it “will develop legislation to improve internet safety for all”.

“Britain is leading the world in developing a comprehensive regulatory regime to keep people safe online, protect children and other vulnerable users and ensure that there are no safe spaces for terrorists online,” states the Queen’s Speech, which was introduced into parliament on Thursday following the Conservative Party’s general election victory this month.

It adds: “ The April 2019 online harms white paper set out the government’s plan for world-leading legislation to make the UK the safest place in the world to be online. The government will continue work to develop this legislation, alongside ensuring that the UK remains one of the best places in the world for technology companies to operate.”

The white paper measures had received the backing of a number of charities supporting vulnerable people from internet harm, in particular relating to children at risk from sex offenders.

The proposals include appointing an independent regulator to ensure tech companies have a duty of care towards their users.

To read the full Charity Digital News article click here.

Source: Charity Digital News


The Best Cyber Security Tools for Charities

Charity Digital News has taken a look at some of the best cyber security tools available to charities – from general security to password management and measures against phishing.

Charities offer the potential of rich pickings for hackers and cyber criminals for several reasons. They often store large amounts of valuable data about supporters, they may control significant amounts of money raised from those supporters, and 44% of charities don’t protect themselves with the right cyber security tools since they don’t believe they are at risk.  That may explain why 22% of UK charities faced cyber attacks last year.

Risk management

It’s also true that many charities have a limited number of IT staff, and those staff may have a small cyber security budget compared to large businesses. That means it is essential for charity leaders to deploy that budget as effectively as possible to minimising the risk of cyber security breaches by mitigating the most common vulnerabilities.

Phishing, malware and ransomware

For many charities, the most likely form of cyber attack that they will encounter is a phishing attack, which involves criminals sending out fraudulent emails. 81% of charities reported receiving phishing emails last year. These emails often contain links to websites that imitate the websites of banks and other financial institutions to enable criminals to steal login names and passwords.

They may also include attachments that are infected with viruses and other malware such as keyloggers, which steal user names and passwords from an infected computer, and ransomware, which can spread around a charity’s network and encrypt the data on all the computers it encounters. The cyber criminals then demand a ransom, usually payable in cryptocurrency, to restore the systems to working order.

Date exfiltration

Criminals may also exploit vulnerabilities in software used by charities to gain entry to the charity’s computer network. Once they have infiltrated the network they will typically search for databases and stores of valuable information and exfiltrate any useful information that they find to exploit or sell to others in the criminal underworld.

To read the full Charity Digital News article click here.

Source: Charity Digital News


Whistleblowing Reports to the Charity Commission Double in Two Years

Recently-released data from the Charity Commission for 2018-19 has shown that whistleblowers submitted 185 accounts over the year, a jump from 101 in 2017-2018 and a twofold increase compared with 88 reports in 2016-17.

Over 90% of reports come from current or former charity employees, with safeguarding, governance and fraud the most frequent concerns.

The Charity Commission report speculates that “this increase is likely to have been influenced by the high-profile nature of safeguarding incidents emerging from the carity sector this year, which may have encouraged others to come forward with concerns”.

Read the full report by clicking here.

Source: FSI


NCVO Launches New Safeguarding Tools

New Safeguarding Resources and Guides available from NCVO and a partnership of expert organisations: #SafeguardingAsOne

NCVO’s Knowhow advice site is a hub for an expert range of new online safeguarding resources. NCVO’s free online resources, launched on 7 October 2019, outline simple steps that voluntary organisations can take to ensure that they are run in a way that actively prevents beneficiaries, staff and others from suffering harm, harassment, bullying, abuse and neglect.

Safeguarding should be a core value of every voluntary organisation and considered a personal responsibility of everyone working in them, the National Council for Voluntary Organisations (NCVO) has urged.

To access NCVO’s Safeguarding Tools click here.

Source: NCVO Newsletter


New Code of Fundraising Practice

The new Code of Fundraising Practice will come into effect on 1 October 2019. This is the first major redraft of the code in almost a decade, following a consultation in autumn 2018. Improvements have been made to style, presentation, clarity and accessibility to make it easier for fundraisers, charities, exempt charities and third-party organisations to understand the standards expected of them when fundraising.

Fundraising organisations should ensure that their fundraising materials, training and policies are updated to reflect the standards in the new code. To help with the transition, the Fundraising Regulator have produced a mapping document and deletions and mergers log to show where old rules and sections have moved to, which will be available online until November 2019.

Source: FSI


Cyber Security FAQ: Why Charities Can’t Afford to Ignore the Risk from Malware

The world of cyber crime can seem murky and mysterious – cyber criminals are, after all, a faceless threat and charities are focused on the here and now, running their day to day operations and making a difference. But weapons such as malware are indiscriminate, and anyone can be stung. That is why in this article we try to shed some light on the world of malware, with help from cyber security experts Avast.

Q: What is malware?

A: Malware (short for malicious software) is a common tool that cyber criminals use to get inside devices, take control of them or steal information.

In much the same way as the common cold, malware (short for malicious software) is easily caught and always evolving. It continues getting faster and cleverer, finding new ways to access your charity’s devices or network. And just like a cold, it’s much easier to prevent it than it is to deal with its effects once it’s taken hold.

Q: Are charities at risk from malware?

A: Yes. Just like commercial organisations, charities hold valuable data that cyber criminals will trade for a high price on the black market. Malware is one common (and easy) way of stealing that data.

One in five charities were affected by a breach of their data last year, costing them an average of £9,470 to fix what could have been prevented for a tiny fraction of that cost.

But monetary cost is just the tip of the iceberg. Whether or not data is stolen or recovered, the charity sector exists on a foundation of trust. Charities simply cannot afford anything that damages their reputation in the eyes of the public, their stakeholders, service users or supporters.

Added to this, charities running a tight shift to deliver critical services to their communities and service users often rely on the use of data and computers. The resulting downtime from dealing with a malware infection is just not an option.

All of this makes malware a significant threat to charities.

To read the full Charity Digital News article click here.

Source: Charity Digital News


Five Free Efficiency-Driving Tools for Charities

Managing teams and projects is hard – especially on a tight budget. Fortunately, there are lots of free tech tools for charities which can help boost productivity, save time, and allow charities to focus on the mission.

Whether you’re communicating with teams working across multiple locations, organising the next charity fundraiser, or trying to find a date for the next board meeting, trialling some of the latest efficiency tools for charities can help, especially when they’re entirely free or offer free basic options.

See also: The best online fundraising platforms for charities click here.

Collaboration app for charities – Slack

Slack is an essential productivity tool to help charities of all sizes streamline their communication with staff, volunteers and external teams. The messaging app that allows teams to communicate in a quick, informal manner.

Comparable to WhatsApp’s improved group text messaging over traditional text messages, Slack delivers a similar service tailored for the business environment. Conversations can be direct or arranged around Teams (Finance, Service Delivery, etc.) or Projects (Fundraiser, Website Launch, etc.), documents can be shared, and users can be tagged on items so to ensure they are alerted to things key for them to look at. Slack can also integrate with a number of other tools, such as Google Calendar, Outlook, and Trello.

To read the full Charity Digital News article click here.

Source: Charity Digital News


Get Your House in Order Before You Recruit Volunteers

Are you thinking of recruiting some new #volunteers when the summer is over? What do you need to consider before even starting?

Traditional routes to volunteering are changing and organisations are competing for volunteers. Those who donate time want to know it is well spent, that work is well organised and their contribution is valued.

Volunteers are any age. They may be school children, young people, parents or family members, or retired. Different groups may have varying approaches to volunteering. Stop to consider your target audience and what you want the volunteers to get involved in with your organisation.

It is important volunteers are clear about their roles and the support they can expect from an organisation.

Organisations need to have systems and procedures in place to ensure their volunteers have a great experience.

Giving volunteers a quality experience

In January 2019 NCVO has published a new report Time Well Spent on the volunteer experience. This national survey of over 10,000 respondents found there are eight key features that make up a quality experience for volunteers:

  1. Inclusive: welcome and accessible to all
  2. Flexible: takes into account people’s individual life circumstances
  3. Impactful: makes a positive difference
  4. Connected: gives a sense of connection to others, to the cause and/or an organisation
  5. Balanced: does not overburden with unnecessary processes
  6. Enjoyable: provides enjoyment, people feel good about what they are doing
  7. Voluntary: the volunteer has freely chosen to do it
  8. Meaningful: resonates with volunteers’ lives, interests and priorities

Volunteering may be regarded as a way to learn new skills, meet new friends, or make a valuable contribution to a cause. It may lead to employment and new careers.

Useful links:
For more information on good practice methods for recruiting volunteers you can download the Investing in Volunteer quality standard framework

Volunteer placements, rights and expenses (Direct Gov).

NCVO Know How.

Source: NCVO


HMRC’s Criminal Offences For Failing to Prevent Tax Facilitation – What They Are and What to Do

HMRC is reminding companies and partnerships (including charities) that they can be criminally liable if they fail to prevent their staff or those that represent them from facilitating illegal tax evasion.

The offence, which came into force in September 2017, does not substantially alter what is illegal tax evasion, but focuses on who is held accountable for enabling or allowing it.

Rather than try and attribute illegal tax evasion to an organisation, it focuses on the failure of that organisation to prevent those who work for, act for or on behalf of from committing criminal tax evasion.

HMRC has published information about this, including what organisations can do to build their internal procedures in light of the offences. The ‘corporate criminal offences’ can also be found in Part 3 of the Criminal Finances Act 2017.

HMRC has also launched a new dedicated self-reporting route for organisations that have failed to prevent the facilitation of tax evasion. Find out how to self-report, and why it may be in an organisation’s interest on the Tell HMRC your organisation failed to prevent the facilitation of tax evasion webpage on GOV.UK.

If you have any queries about preventing tax facilitation please contact HMRC.

Source: Charity Commission Newsletter issue 63


Page 1 of 15123...Last