Throughout the month of April, Charity Digital will be publishing a range of content designed to help charity professionals gain vital cyber security skills. The NCSC and IASME have put together the Cyber Essentials program to help individuals and organisations keep systems and devices secure
Cub Llewelyn-Davies - Charity Sector Lead from the National Cyber Security Centre, introduces Cyber Essentials for charities
Cyber security breaches are some of the biggest challenges facing the charity sector. This has never been more true than in the current moment - with many charities having migrated to remote working at very short notice: potentially without time to properly establish stringent security protocols.
But this issue has not appeared overnight. 44% of charities aren’t protecting themselves from cyber attacks simply because they don’t see themselves as being at risk. This means that charities present an attractive target for cyber criminals, leaving them vulnerable to costly security breaches (the average cost of a cyber breach to a charity in 2019 is nearly 10k).
There is a feeling among smaller charities, and those with limited resources or a wide base of service users, that cyber security simply isn’t a priority. But this can have devastating and costly repercussions. Therefore, it is important to begin with the basics.
Cyber attackers often use relatively simple methods which exploit basic vulnerabilities. By learning how to defend yourself and your systems by securing internet connections and devices, controlling access to data, and how to protect against malware, you can prevent cyber attacks.
From today, the IASME Consortium has taken over the delivery of the National Cyber Security Centre’s (NCSC) Cyber Essentials scheme, which teaches businesses how to protect themselves from the most common cyber threats and reassure their customers that cyber security is taken seriously.
Since the scheme launch in 2014, the NCSC has helped to protect over 40,000 UK businesses from the most common cyber threats.
For those of you that bid for contracts or deliver services for partner organisations, Cyber Essentials is now appearing more often as one of the pre-conditions to secure funding for your Charity. The most commons questions that the National Cyber Security Centre (NCSC) are asked about Cyber Essentials by those that come across it for the first time are;
What is Cyber Essentials?
Cyber Essentials is a simple but effective, government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks. Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Our advice is designed to prevent these attacks.
Why should we care about Cyber Essentials?
Cyber Essentials allows you to quickly home in on the five most important technical controls that will help protect you and your organisation more effectively. Cyber Essentials shows you how to:
Should you be working to get to your Charity Cyber Essentials certified?
The response to this question probably starts with the caveat that “…it very much depends on your circumstances/situation…” and ultimately it is down to you to decide (but if a contract you are bidding for is dependent upon you achieving Cyber Essentials certification then the decision is effectively taken out of your hands). The principles outlined in Cyber Essentials represent best practice for the sector and if implemented correctly will dramatically improve the cyber resilience of your organisation. Depending upon your budget however, you will have to weigh up the benefit of this increased resilience against the cost of certification, which although relatively modest compared to other assurance schemes, is an annual and ongoing one. Even if you choose not to pay for full certification there is nothing to stop you implementing the recommendations of the scheme, this will then leave you better protected and make it far simpler to certify should the need arise in future.
The NCSC have recently awarded a 5-year contract to the Information Assurance for Small and Medium Enterprises Consortium (IASME) to take over full responsibility for running the Cyber Essentials delivery at the beginning of April 2020. To learn more about the scheme please visit the Cyber Essentials website.