Insights
We explore how charities can ensure their digital transformation projects continue to deliver their objectives in the future, with particular focus on planning and cyber security
By definition, digital transformation projects are about the future. Digital transformation uses digital technology to modify or build new processes that will improve the way we work moving forward. For charities, this might mean the ability to identify and reach out to more beneficiaries, adopting a new CRM system to improve communications with donors, or improving the capacity of existing technology to meet rising demand for services.
Digital transformation is a complex process, however, with a multitude of factors to consider beyond simply the end goal. Charities must consider elements such as resource, budget, and, importantly, security when developing their plan for digital transformation in order to make it a success. Simply put, it requires a strategy.
However, research from digital transformation experts TES found that only 21% of charities had a digital strategy and even fewer (17%) had an IT strategy. Perhaps more concerningly, only 36% of charities said they had a disaster recovery plan for their digital services. A quarter did not know if they had one. Larger charities were more likely to have a disaster recovery plan than small charities.
If digital transformation is about preparing for the future, without a disaster plan in place, that future is far less assured. In a world where around a quarter of charities identified a cyber breach over the last 12 months, a disaster recovery plan is essential to mitigating the very real risk of digital failure as a result of a cyber attack.
Cyber attacks can occur wherever a charity is online – through online contact forms, databases, cloud services, and more. Prioritising a high level of cyber security is crucial, therefore, to prevent digital projects from being derailed. It minimises the risk of disruption to vital services that charities provide, with security measures like back ups and disaster recovery plans ensuring continuity should a cyber breach occur. Without these measures in place, charities can experience reputational and financial damage, as well as risk fines or legal consequences for failing to keep data safe.
In short, if a digital project does not have robust cyber security, it can actually cause more problems for charities than it solves. Below, we explore what charities can do to mitigate that risk and ensure their digital transformation projects continue to deliver in the future.
According to TES’ survey, 70% of charities outsource some or all of their IT provision. But when outsourcing, charities must ask the right questions of their partners or risk losing control of their security.
Cyber certifications can be really helpful for charities in reassuring them that their partners are on top of their cyber security. Certifications such as Cyber Essentials and ISO 27001 ensure a minimum level of cyber security that IT providers must adhere to in order to protect against cyber attacks. ISO 27001 provides an international benchmark for implementing, managing, and maintaining security, while Cyber Essentials is based around a framework of five core controls that can mitigate cyber threats, from implementing firewalls to limiting user access.
Charities are home to a wealth of sensitive data and often have limited resources with which to protect it, making them a target for cyber criminals. When embarking on digital projects, charities must prioritise security to prevent losses in the future and that means asking for it from their delivery partners, too.
We’ve mentioned above the importance of a disaster recovery plan in ensuring that charities can continue to operate at a time when demand for their services is higher than ever.
A disaster recovery plan should include mapping out the most likely risks to IT systems and data and the impact that these risks may have. Understanding these risks can help with the next stage of planning, helping charities to identify potential solutions and next steps that can improve how they respond to issues when they arise. In the middle of a crisis, there is little time to react so having protocols in place can help charities recover quicker.
To this end, disaster recovery plans should also include a list of roles and responsibilities of individuals and teams involved in the project should anything occur. This reduces immediate panic in a crisis and means that everyone in the team is clear about what they need to do to mitigate risks and recover. It also means that there is a clear chain of command should issues need to be escalated.
Of course, not everything can be predicted, but with a disaster recovery plan in place, charities have a place to start in the event of disruption. Plans can be adapted but starting from scratch is much harder.
A new digital tool is only as good as the team using it. When adopting a new tool, it is important that charities can maintain it, to ensure it keeps working in the future and solving the problems it was created for.
Without maintenance, digital solutions not only become obsolete but also a cyber security risk. Outdated technology can lead to vulnerabilities in systems that cyber criminals can exploit to gain access to sensitive data. Maintenance is essential to prevent this. It also means that the team looking after the technology are aware if it is functioning correctly and address these issues head on if it is not, preventing disaster or allow a quicker recovery from it.
Therefore, charities must remember that digital transformation is not finite. To minimise risk, they must continually review their technology and IT infrastructure to be certain it is continuing to deliver the impact it was created for now and in the future.
For more information on how to deliver digital transformation, click here to contact TES.
For the sixth year in a row, we're bringing back an action-packed event filled with Digital Fundraising insights from the charity and tech sectors. Join us on 7th October 2024 for a free, one-day online event featuring informative webinars and interactive workshops.