Six questions to help secure your remote operations

At a time when many UK charities are considering how they can adapt to the new remote working environment, the National Cyber Security Centre (NCSC) has published advice to help support organisations move operations online. Whilst much of the language in the guidance talks of businesses and SMEs, it is no less relevant to charities as the same core cyber security principles apply.

We are asking organisations to first consider six key questions to identify current risks and areas for improvement. These questions range from what type of technology they currently use, to whether they have cyber insurance:

1. What technology do you use already?

What IT assets do you own, operate and manage yourself? It’s difficult to secure technology if you can’t identify who’s responsible. Is it your job exclusively? Your service provider’s? Or a joint effort? Clarity is the important thing here.

2. Are you using cloud services?

Our SaaS security collection provides you with a relatively lightweight process for assessing the security of cloud-hosted software products.

3. Do you have access to IT Support?

As you become more reliant on digital services, you should think about how you’d cope if these services were unavailable. Detailing the services you use, identifying support levels and escalation routes, will help you understand and prepare for any issues.

4. What cyber security measures do you have in place?

The NCSC’s Small Charity Guide can help you to establish a baseline set of security policies for your IT, if you are a larger charity, NCSC’s 10 Steps to Cyber Security will help you to identify your baseline for a more complex infrastructure. Cyber Essentials provides a way to demonstrate to others that you have good security in place.

5. Are there any regulations you need to follow?

Rules are rules, even on the internet. If your charity is now processing Personally Identifiable Information (PII) online, you will need to read up on GDPR. If you are processing card payment information, the Payment Card Industry Data Security Standard will apply. Be clear on the balance of legal and regulatory responsibility between you and your IT service providers. Registered Charities should also understand the thresholds for reporting serious incidents such as cyber attacks to the Charity Commission through their online portal.

6. Do you have cyber insurance?

Are any elements of it affected by your change in circumstances, such as working from home, running services predominately ’online’, or by outsourcing a key function your charity performs?

The NCSC is committed to boosting the cyber resilience of all UK organisations. This guidance is in addition to the NCSC’s Small Charity Guide and is the latest in a suite of advice to organisations in response to the coronavirus, which includes tips on home working, video teleconferencing, and how to report email scams.