Cyber security essentials

Cyber-crime is becoming an increasingly prevalent threat and reality for charities: in 2018 over two thirds of high-income charities recorded a cyber breach or attack (Cyber Security Breaches Survey 2019).

Many charities are yet to take action, and even those that have still need to keep up to date with advice as the cyber-crime threat to charities continues to evolve.

The National Cyber Security Centre has produced a simple guide focusing on small charities and how implementing a few simple steps can improve your security. Here are a few actions from the guide which will help to increase your organisation’s security:

1/Back up your data

Identify what data you have which needs to be backed up and ensure that the backup is kept separate from your computer. One solution could be to consider using the cloud. Most providers offer a limited amount of storage space for free and larger storage capacity at minimal cost to charities. Most importantly, make backing up part of your everyday business routine.

2/Protecting your charity from malware

Install and run antivirus software on ALL computers and laptops, ensuring that all your IT equipment and software is up to date. Staff accounts should only have enough access to perform their role, thus preventing them from downloading any dodgy apps. Control how USB drives can be used, as it only takes one person inadvertently plugging in an infected device to cause lasting damage to your assets and good reputation. Finally, make sure that the firewall is switched on!

3/Keep all electronics safe (smart phones and tablets)

These devices are an essential part of today’s life and can be as powerful as any computer.  As they leave the ‘safety’ of the office (and home) they need even more protection than ‘desktop’ equipment.  Switch on your password protection and keep your device up to date.  Make sure any lost or stolen devices can be tracked, locked or wiped.  No matter how tempting, don’t connect to any unknown WiFi hotspots as you have no way of knowing who these are controlled by.

4/Using passwords to protect your data

Set a screenlock password, PIN or other authentication method (fingerprint or face recognition) to lock your device.  If given the option, use two-factor authentication (2FA) for any of your accounts.  This is where two different methods are required to ‘prove’ your identity; generally a password and one other method.  Change all default passwords and avoid using a predictable password.  A good rule of thumb is to choose three random words to create a really strong password.  Passwords only need to be changed when you suspect a compromise of the login credentials.  Consider using a password manager to cope with ‘password overload’.

5/Avoiding phishing attacks

Scammers send fake emails to thousands of people asking for sensitive information or encouraging you to click through on a bad link. These phishing emails are getting harder to spot, but generally you should encourage everyone to check for obvious signs – a call to action such as ‘send me details within 24 hours’, use of poor grammar, or perhaps the email is addressed to ‘valued customer’ or ‘dear friend / colleague’. Anything out of the ordinary should be reported and investigated.

Just a few simple changes, together with increased staff awareness and training, will reduce your chances of being subjected to a cyber attack.


Further cyber security resources:

Reference: National Cyber Security Centre (NCSC)