Four common security mistakes and how to avoid them

This article is sponsored by the National Cyber Security Centre (NCSC) – a part of GCHQ. The NCSC is the UK’s technical authority on cyber security and offers a range of practical guidance and advice to help organisations and individuals stay secure online at www.ncsc.gov.uk 

 

---

 

Falling victim to a cyber attack is often a disaster for organisations including charities. While larger ones may be able to recover – eventually – more modest ones are less likely to survive a security breach: 60% of smaller organisations cease to exist within six months of a cyber attack. 

 

Yet many cyber attacks are relatively easy for charities to avoid. The reason that they fall victim to these attacks is that they make basic security mistakes. Here are four of the most common ones, and the steps your charity can take to avoid making these mistakes. 

 

 

Mistake 1: Expecting everyone to understand cyber security 

 

A simple act such as clicking on a malicious link in an email, or opening a malicious attachment, can lead to computers becoming infected with malware, confidential data being leaked, or ransomware bringing a charity’s operations to a halt.  

 

The big question, then, is whether staff members and volunteers understand this? If not, then sooner or later it is inevitable that charities will fall victim to a phishing attack that could force them to close their doors 

 

The solution is to provide cyber security training for everyone who works at your charity – both staff and volunteers. It’s important that this is not a one-off exercise. 

 

Instead, training should be provided “a little and often” so that everyone is continually reminded of the importance of keeping vigilant and carrying out basic security precautions.

 

 

Mistake 2: Failing to update software to the latest, secure, versions 

 

Cyber criminals and security researchers routinely find flaws in software. Once a flaw has been discovered, any charity running the software is easy prey to a cyber criminal – it’s the digital equivalent of leaving a safe unlocked and with the door open. 

 

Shortly after a flaw is discovered, the software author will release an update or security patch for the software that fixes the flaw, effectively closing and locking the safe door.  

 

Yet many organisations are slow to install updates to affected software or, worse still, have no process in place to check for updates regularly and to ensure that they are installed as soon as possible. 

 

The easiest solution for charities who may have staff working from many different locations is to switch to applications running in the cloud offered by Software-as-a Service (SaaS) providers whenever possible.  

 

SaaS offerings are updated automatically by the service providers as soon as a security update is released, and that means that staff can be sure that they are always using the most up-to-date version of any SaaS applications they use without having to do anything on their part. 

 

Since not all software that charity staff use will be available from the cloud, it is also sensible to use one of the many patch management programs available. These scan all the software running on a computer (or on all your charity’s computers) on a regular basis, and download updates that become available automatically.