Speaking at the NetSquared London Cybersecurity for Good meetup on 24th January, cybersecurity experts outlined the most important steps that all non-profits need to take to keep their data and services secure.
NetSquared London, part of the international NetSquared community, runs monthly meetups for local community members to come together to share ideas, ask questions, and collaborate around using technology for social benefit.
At the latest meetup, Nick Denning, CTO at security firm CySure Limited, and Phil Anthony, founder of charity IT consultant CoopSys, warned that charities are notoriously bad at protecting themselves, making them easy targets for unscrupulous hackers.
Whether through malware or spear phishing, the avenues of attack are growing all the time, and potential damage can be crippling for charities.
Small charities in particular are the most at risk from ransomware and phishing scams as they seldom have policies and processes in place to help their network and users stay secure.
However, the experts went on to outline how smaller organisations with low budgets and limited knowledge of cyber security can understand the risks and protect their organisations effectively.
One of the most straightforward measures for charities of all sizes to implement is
, the government-backed scheme to help organisations protect themselves against common threats, advised Denning.
The key takeaways at the event were:
- Policies: Having defined policies covering things like passwords, back-ups, bring-your-own-device and digital payments and enforcing these policies will remedy a lot of potential weaknesses.
- Password protection: All devices should be password protected, as should Wi-Fi access. Keep passwords secure and change them regularly.
- Defaults: Remember to change default passwords for firewalls or routers and don’t name administrator accounts ‘Administrator’.
- Antivirus: If you don’t already have it, set up antivirus and endpoint protection. Eligible UK charities have access to donated licences of Norton Desktop, Symantec Enterprise and Bitdefender through the Charity Digital Exchange programme.
- Email: Email is the biggest access point for viruses and malware, with smaller organisations the most vulnerable. Mailshell donations available to charities can help charities not using Office 365 or Gmail, while staff education and active policies are important.
- Devices: Anything added to an IT system can be leaked or stolen – be that a server or a memory stick. Sensible limits should be set on employees’ ability to save files offline, and devices should always be encrypted in some way in case of theft.
- Inductions: Have an induction process for new staff and volunteers who want to use their own devices. Add them to your secure network and ensure that they understand what they can and can’t access on, or add to, the network.
- Encryption: Use FileVault if you’re using an Apple device running macOS or turn on BitLocker if you’re using Windows 10.
- Updates: Always keep your core operating software up-to-date if your system can handle it. Charities can access donated Windows 10 Pro and Windows 10 Enterprise licences through Charity Digital Exchange.
The next NetSquared London meetup will be discussing how charities can best use their technology for monitoring, evaluation, research, and learning (MERL) purposes, ahead of the MERLtech conference on 19-20 March.
Speakers will include Nissa Ramsey, founder of Think Social Tech and former Tech for Good grants manager at Comic Relief, and James Noble, Impact Management Lead at New Philanthropy Capital.