
Why Digital Risk Management Solutions Are The Future Of Charity Cyber Security

We examine the catastrophic impact a data breach can have on a charity – and how one leading charity found a way to mitigate the risk


This article is sponsored by Skurio, innovative cyber security and digital risk management experts.



Over the last few years, organisations of all kinds have experienced a significant change in the information security landscape. New data privacy regulations require increased compliance and diligence, with major penalties.

 

These pressures weigh even more heavily on charities, who have a legal and ethical duty to do everything in their power to protect sensitive user data – particularly that of vulnerable service users.

 

Digital transformation and the emergence of Cloud-based services have further increased the complexity of IT infrastructure - making you reliant on multiple third parties in order to keep your data safe.

 

And, as security measures have become more sophisticated, cyber criminals have adapted to overcome them. The threat landscape has increased with a higher number of attacks, many of which demonstrate higher levels of personalisation and targeting than before.

 

The public are becoming more aware of high-profile data breaches, making privacy and security key to maintaining supporter trust and loyalty. Again, this is even more important in the charity sector than the world of business, with many charities relying upon their reputation to raise vital operational funds.

 

All this means that protecting your data within your network alone is no longer enough. You need to protect your data wherever it lives.

 

 

 

What Data Needs To Be Protected?

 

There are four key types of user data that must be protected:

  1. IT infrastructure - Details about your infrastructure and software that can be used by bad actors to mount a cyber attack against you

  2. User credentials - Login details and passwords for any systems used

  3. Personal information - Personal information (PII) about your staff, customers, or other individuals your organisation works with

  4. Business-critical - Business-critical or commercially sensitive data that is used to provide services, run or organise your business

Many charities have undergone a process of digital transformation in recent years, becoming far more data-driven in the pursuit of greater efficiency.

 

In these organisations, data is used to help define strategy, improve customer experience, accelerate research and development, drive recruitment and much more. It has become a vital operational component.

 

But if this data is leaked, stolen or otherwise given to criminals it can significantly impact your charity.

 




Where Is Your Data Stored?

 

In the past, you knew precisely where your data was. Today, your data is everywhere, and it lives in three types of locations.



Inside your network

  • On premise

  • On private Cloud

 

Inside your supply chain

  • Supply chain partners
  • 3rd party apps

 

Outside your business

  • Devices
  • Shadow IT
  • Surface, deep & Dark Web

 

Keeping control of on-premise data is straightforward enough.

 

You probably already have systems in place to manage data security inside the firewall. Cloud security adds additional process and complexity.

 

But, when data leaves the business, things start to get tough. Requiring suppliers to conform to standards is a good first step; on-going enforcement is harder. Not least because your partners and suppliers will also be reliant on third-party suppliers themselves. This only increases digital risk further.

 

To top it all off, data could be stored on devices or shared on emails using insecure networks. All of this means that your data could end up in other locations without your permission, your knowledge, or your protection.

 

So how do you keep up?

 

 


The 2 kinds of data breach


Broadly speaking, data breaches fall into one of two categories:

 

Human error

  • Wrong email address
  • Lost device
  • Data theft

Malicious attack

  • Phishing
  • Hacking
  • Ransomware
  • Ex-employee

 

The first of these is human error. Staff who work for you or your partners may accidentally lose data. A mis-addressed email or lost phone incident can happen to any business. Information incorrectly distributed or lost is the biggest cause of personal data breaches in the UK.

 

The second type of threat comes from a malicious attack. These can take many forms depending on the motivation for the attack, which could be to harm your reputation or operations, or simply for financial gain. Bad actors could even include a former employee holding a grudge. Even if you have fantastic security and faultless processes, your business can still be at risk of attack through your supply chain.

Most businesses only focus on protecting data inside the network


How do you know if your data is already out there? Most likely you won’t. That’s because most businesses use only one type of security solution: one focused on defending the network and data from external threats. This is where Digital Risk Protection comes in – looking for your data, and threats to your data, outside the firewall and beyond your network.

 

 

 

How This Works: A Case Study


Breast Cancer Now is the UK’s largest breast cancer research charity, having merged with Breast Cancer Care in 2019. It focuses on making a world where everyone who develops breast cancer will live, and live well, a reality by 2050.

 

To this end, the organisation is funding almost £25 million worth of cutting-edge research and directly supporting nearly 380 scientists. The organisation collects donations through gifts, fundraising, corporate partnerships, special events and more.

 

Given that Breast Cancer Now handles the personal and financial details of thousands of donors, data protection is a huge priority for the organisation.

 

A data breach is a reputational risk that could have a significant negative impact on the charity’s future fundraising activities and its ability to deliver on its goals.

 

Because of this risk, the IT team needed to increase its ability to detect if and when a breach had occurred. During the team’s planning for complying with the General Data Protection Regulation (GDPR), it was decided to deploy a mechanism that would notify the team if any of the organisation’s data was breached.

 

“We wanted to go into GDPR with our eyes wide open. It quickly became apparent that the ability to detect if we had been breached was a key capability. We needed to be able to react more quickly in the event of a breach and keep our donors’ data safe.”

 

- Brigid Macdonald - IT manager, Breast Cancer Now

 


The organisation then considered Skurio’s BreachAlert solution, which proactively monitors the open, deep and Dark Web for data belonging to the organisation — alerting the IT team if data appears anywhere it shouldn’t, indicating a breach.

 

This real-time monitoring capability exactly matched Breast Cancer Now’s requirements and desire for peace of mind when it came to data protection. As a result, the organisation went ahead with implementing BreachAlert.

 

Breast Cancer Now went live with BreachAlert in May 2018. The platform was integrated into the organisation’s IT and data teams under the GDPR directive and was immediately supported by the GDPR direction board following recommendations to address the breach identification and notification process.

 

As Breast Cancer Now’s primary breach detection solution, BreachAlert searches for the charity’s domain information appearing on the open, deep and Dark Web — including legacy companies, email addresses, IP address ranges and keywords.

 

“We have found implementing BreachAlert a seamless process from start to finish. The platform, itself, is quick to set up and very intuitive, making it easy to create notifications and search its historical database. The analysts and support team are always on hand to assist with any questions we may have.”

 

- Brigid Macdonald - IT manager, Breast Cancer Now

 

The results of BreachAlert were almost instantaneous for Breast Cancer Now. Before going live with the solution, the charity had been notified by Office365 of an unauthorised sign-in to its systems. During the proof of concept phase, BreachAlert identified a Dark Web post that was the source of the password credentials used in the unauthorised login.

 

“If BreachAlert had been in place prior to this threat, we could have put relevant measures in place internally, mitigated the threat and ultimately prevented the unauthorised login before it happened.”

 

- Brigid Macdonald - IT manager, Breast Cancer Now


How Skurio Can Help

 

Early detection of breached data is one way in which organisations can prevent account takeovers and unauthorised access. Automated solutions that work around the clock provide faster detection.

 

Data breaches impact the reputation of any organisation affected. Taking steps to monitor for data breaches and external cyber threats can help to maintain trust with your stakeholders.

 

Few organisations have the skills and budget to maintain a fully staffed and tooled security operations centre. Cloud-based solutions which can be quickly deployed and easily used by existing staff with no cybersecurity expertise have significant benefits.

 

The impact of a data breach can be expensive to the reputation of an organisation as well as its finances. Yet, the average time to detect a breach is 197 days. Skurio solutions monitor for your data across the surface, deep and Dark Web 24x7. Instant alerts mean that you can detect breaches sooner and react faster.

 

Find out more

Learn how your charity can access Skurio at a discounted rate

Aidan Paterson
