Six questions to ask about your charity’s cyber security
Author: Cub Llewelyn;
Reading Time: 3 minutes
We've made this resource open. You are free to copy and adapt it. Read the terms.
Many charities reacted quickly to the constraints imposed by COVID-19 in 2020, adjusting their ways of working to keep their organisation active and deliver key services in communities and across the nation. In many cases, this meant placing greater reliance on digital technology. With the pace of change it was easy to ignore the need for good cyber security. However, with any period of change and uncertainty, criminals are never far away in their attempts to manipulate the situation.
We look at some of the resources we’ve released to help.
Moving your organisation from physical to digital
The National Cyber Security Centre (NCSC) has released guidance to help make sure your charity stays secure.
In 2020, the transition from a physical to an online presence was new for many organisations. Even if organisations had been operating online for some time, it was likely that the nature and priority of the IT services and support they required had changed.
This could have been due to increased numbers of staff or volunteers working from home, a rise in the number of online transactions, and the use of video conferencing software in place of face-to-face meetings.
Things are unlikely to return to how they were pre-Covid and NSCS guidance is still relevant today when it comes to understanding risks and identifying areas of improvement. They encourage you to ask six questions:
- What technology do you use already?
- Are you using cloud services?
- Do you have access to IT support?
- What cyber security measures do you have in place?
- Are there any regulations you need to follow?
- Do you have cyber insurance?
More specifically, here is some guidance on some particular issues.
Video Conferencing: security guidance for organisations
The COVID-19 lockdown meant many organisations used home working on a greater scale and a number of organisation’s permanently moved to a hybrid model with some never returning to the office. With more staff working remotely, video conferencing had an obvious role to play. At the time there were lots of news stories detailing various security issues or concerns about different platforms. These stories can often be confusing, so the NCSC developed vendor agnostic guidance to help you select, configure and securely implement video conferencing services.
Mitigating Malware and Ransomware attacks
Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network, such as the WannaCry malware that impacted the NHS in May 2017.
During this period of uncertainty, a ransomware attack could have significant consequences for your charity, in part because staff may not be able to respond to the incident as quickly or effectively. It’s important therefore to make sure you are following this guidance which will help you to reduce:
- The likelihood of becoming infected
- The spread of malware throughout your organisation
- The impact of the infection
Further advice and guidance
To find out more about the NCSC and other guidance they have available please visit www.ncsc.gov.uk
Commissioned by Catalyst