The first article in our new series explores the positive ways in which charities have implemented cybersecurity in recent weeks, months, and years
Cyber attacks are a real threat to charities, and with the shift to remote working since the pandemic, that threat is even greater. But there’s lots of good news emerging around cyber security. We take a look.
It might sound obvious, but charities need to be cyber security aware. A cyber attack can be costly, with a loss of reputation, revenue, and productivity – let alone the financial costs of fixing the cyber security breach.
And, according to the Department for Digital, Culture, Media and Sport, 26% of charities faced a security breach in 2020, with high-income charities being the hardest hit at 51%.
Through the pandemic, vast numbers of charity workers switched to home working, almost overnight. With more employees signing into systems remotely, and two thirds of charities saying that staff regularly use their personal devices for work, the risk of being victim to a cyber attack has increased for many organisations.
While smaller charities may feel they’re not at risk, according to the NCSC, in the UK 38% of micro and small organisations experienced a cyber security breach in 2020. And, of those who lost data or assets, the average loss was £8170 – no small sum for the size of organisations affected.
Many smaller charities and organisations tend not to have an IT department, let alone an in-house cyber security professional. So, in May 2021, the National Cyber Security Centre launched a new online learning programme specifically for small businesses and charities.
Put together with a non-technical audience in mind, the accessible training programme aims to help charities reduce the likelihood of being victim of a cyber attack. The training can be easily rolled out for colleagues to work through, or if your charity has its own training platform, the programme can be integrated into it and content tweaked to make it bespoke to your audience.
Colleagues will learn about: backing up data; protection against malware; securing devices used by employees; creating strong passwords; and how to defend against phishing. It only takes around 30 minutes to complete, so is a simple way to get all staff, including volunteers, on the ball when it comes to cyber security.
And the best news – it’s free.
The Heritage Fund launched a new guide to online security, addressing a range of security issues which UK heritage organisations are likely to face. With checklists, practical advice and resources, it aims to keep organisations and the communities they support stay safe online. It also held a ‘Digital Skills for Heritage’ webinar with advice from The National Lottery Heritage Fund and Naomi Korn Associates.
Another example of sector-specific support is the cyber security information from the Scottish Council for Voluntary Organisations (SCVO), which pulls together advice and signposts to useful resources on how to work online safely and securely.
This was echoed during Cyber Scotland Week in February 2021 with a number of third sector security issues being explored through presentations hosted by SCVO.
During the widely reported Blackbaud cyber attack, charities including OpenMinds and Save the Children were honest and transparent about what had happened with their audience. Similarly, when we at Charity Digital faced a cyber attack earlier this year, we held our hands up and were open with our community about it.
We also used our own hacking to kick-start a long-term campaign to help charities improve their cyber security. We’ve run a survey with the NCSC, the results of which will be shared soon. And our ‘self defence class in cyber security’ webinar with Save the Children will share more insights into having robust cyber security.
We’re encouraging the rest of the sector to talk openly about it too – the more we share information to learn about what works and what doesn’t in the world of cyber security, the more charities will be able to protect themselves.