Cyber Security for Charities

20th February 2020

There is a saying which runs to the effect that your security is only as good as your people. That is as true for charities as for any other organisation. And sadly, despite all of the good work which they do, charities aren’t immune from falling prey to cyber criminals. In fact, a survey from the Department for Digital, Culture, Media and Sport revealed that in 2018 one in five charities had experienced a data breach or cyber attack within the previous year.

Little surprise, then, that the same report revealed that 75% of charities saw cyber security as a priority area. Nevertheless, a 2020 report from NCVO, The Road Ahead, revealed that 52% of charities don’t have a digital strategy and ‘only a few’ have provided training or invested in cyber security.

So, where do charities start when looking to boost security?

IT Systems. The NCVO report comments that ‘a lot of charities are still working with outdated tools and systems.’ This not only potentially hampers their ability to connect effectively with volunteers and beneficiaries; it can also weaken cyber security measures. For example, as highlighted in our December 2019 article (Time to upgrade your workstations and servers), in January 2020 Microsoft withdrew its support for Windows 7, potentially leaving the way open for future security breaches.

Backup. Whether operating new or legacy systems, charities should ensure that data is not only backed up regularly but also that it is secure. The General Data Protection Regulation (GDPR) requires data to be held securely, and that applies to backups as well as day-to-day systems. Charities may wish to consider implementing cloud backups as they are secure and can be restricted to key workers. Systems also need to be put in place to prevent those working in the charity from downloading sensitive information to external systems or memory sticks.

Accounting systems. When looking at systems charities may also wish to consider the principle of ‘least privilege’. This means giving individuals the lowest level of access which they require to do their job. This is particularly important when it comes to those who have access to accounting and payment systems.

Passwords. While we are talking about secure data, let’s not ignore the importance of secure and un-guessable passwords. A report at the end of 2019 revealed that the most commonly used password in 2019 was ‘123456’ followed by ‘123456789’ and ‘qwerty’. The UK’s National Cyber Security unit comments that “Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words.”

Antivirus protection. Installing and maintaining a recognised antivirus software package is only the start here. Charities should provide cyber security training to their employees and volunteers. This can help people to recognise and avoid potentially harmful situations, for example by not opening e-mail attachments or downloading apps from unapproved sources.

Thompson Jenner Partner Dave Tucker commented that “Thompson Jenner and our sister company, specialist IT provider ThinkIT, understand the challenges which charities face in a technological world. Together we are able to work with charities in order to review their accounting and IT systems, thereby boosting cyber security measures.”

If you would like to discuss cyber security in your charity or non-profit organisation further, please contact specialist Charities and Not for Profit Partner Dave Tucker on 01302 258553 or ThinkIT’s Paul McCarthy on 01392 435803.
