Keep your remote systems and operations secure with these 6 questions from the NCSC
Remote working has given a lifeline to charities throughout the UK.
Over the last few months, with most of us confined to our homes, many charities have digitised operations including service delivery, fundraising and office operations. As we begin to move out of lockdown, charity digital leaders will be looking to build on the digital momentum created during COVID-19 and to build plans for the future of their remote operations.
Luckily, there are plenty of steps you can take to increase your cyber security and make your work from home machines as secure as those in your office. The NCSC have published a list of 6 questions to help you keep your systems – and your charity’s data – secure from cyber threats.
At a time when many UK charities are considering how they can adapt to the new remote working environment, the National Cyber Security Centre (NCSC) has published advice to help support organisations move operations online. Whilst much of the language in the guidance talks of businesses and SMEs, it is no less relevant to charities as the same core cyber security principles apply.
We are asking organisations to first consider six key questions to identify current risks and areas for improvement. These questions range from what type of technology they currently use, to whether they have cyber insurance:
What IT assets do you own, operate and manage yourself? It’s difficult to secure technology if you can’t identify who’s responsible. Is it your job exclusively? Your service provider’s? Or a joint effort? Clarity is the important thing here.
Our SaaS security collection provides you with a relatively lightweight process for assessing the security of cloud-hosted software products.
As you become more reliant on digital services, you should think about how you’d cope if these services were unavailable. Detailing the services you use, identifying support levels and escalation routes, will help you understand and prepare for any issues.
The NCSC’s Small Charity Guide can help you to establish a baseline set of security policies for your IT, if you are a larger charity, NCSC’s 10 Steps to Cyber Security will help you to identify your baseline for a more complex infrastructure. Cyber Essentials provides a way to demonstrate to others that you have good security in place.
Rules are rules, even on the internet. If your charity is now processing Personally Identifiable Information (PII) online, you will need to read up on GDPR. If you are processing card payment information, the Payment Card Industry Data Security Standard will apply. Be clear on the balance of legal and regulatory responsibility between you and your IT service providers. Registered Charities should also understand the thresholds for reporting serious incidents such as cyber attacks to the Charity Commission through their online portal.
Are any elements of it affected by your change in circumstances, such as working from home, running services predominately ’online’, or by outsourcing a key function your charity performs?
The NCSC is committed to boosting the cyber resilience of all UK organisations. This guidance is in addition to the NCSC’s Small Charity Guide and is the latest in a suite of advice to organisations in response to the coronavirus, which includes tips on home working, video teleconferencing, and how to report email scams.
Learn more about securing your remote working operations with this guidance from the NCSC