Cyber security essentials

7 August 2019

Cyber-crime is becoming an increasingly prevalent threat and reality for charities: in 2018 over two thirds of high income charities recorded a cyber breach or attack (Cyber Security Breaches Survey 2019).

Many charities are yet to take action and, even for those that have, they still need to keep up to date with advice as the cyber crime threat to charities continues to evolve.

The National Cyber Security Centre has produced a simple guide focusing on small charities and how implementing a few simple steps can improve your security. Here a few actions from the guide which will help to increase your organisation’s security:

1/Back up your data

Identify what data you have which needs to be backed up and ensure that it is kept separate from your computer. One solution could be to consider using the cloud. Most providers offer a limited amount of storage space for free and larger storage capacity for minimal costs to charities. Most importantly, make backing up part of your everyday business routine.

2/Protecting your charity from malware

Install and run antivirus software on ALL computers and laptops, ensuring that all your IT equipment and software is up to date. Staff accounts should only have enough access to perform their role, thus preventing them from downloading any dodgy apps. Control how USB drives can be used as it only takes one person to inadvertently plug-in an infected device to have lasting damage to your assets and good reputation. Finally, make sure that the firewall is switched on!

3/Keep all electronics safe (smart phones and tablets)

These devices are an essential part of today’s life and can be as powerful as any computer. As they leave the ‘safety’ of the office (and home) they need even more protection than ‘desktop’ equipment. Switch on your password protection and keep your device up to date. Make sure any lost or stolen devices can be tracked, locked or wiped. No matter how tempting, don’t connect to any unknown WiFi hotspots as you have no way of knowing who these are controlled by.

4/Using passwords to protect your data

Set a screenlock password, PIN or other authentication method (fingerprint or face recognition) to lock your device. If given the option, use two-factor authentication (2FA) for any of your accounts. This is where two different methods are required to ‘prove’ your identity; generally a password and one other method. Change all default passwords and avoid using a predictable password. A good rule of thumb is to choose three random words to create a really strong password. Passwords only need to be changed when you suspect a compromise of the login credentials. Consider using a password manager to cope with ‘password overload’.

5/Avoiding phishing attacks

Scammers send fake emails to thousands of people asking for sensitive information or encouraging you to click through on a bad link. These phishing emails are getting harder to spot, but generally you should encourage everyone to check for obvious signs – a call to action ’send me details within 24 hours’, use of poor grammar or perhaps the email is addressed to ‘valued customer’ or dear friend / colleague. Anything out of the ordinary should be reported and investigated.

With just a few simple changes and increased staff awareness and training, will reduce your chances of being submitted to a cyber attack.

Further cyber security resources:

Find out how to improve cyber security using National Cyber Security Centre’s Small Charity Guide
Test and practice your response to a cyber attack in a safe environment using National Cyber Security Centre’s Exercise in a Box
Be prepared and don’t leave it to chance: have a look at NSCS’s cyber security e-learning package
Educate your staff, trustees and volunteers on how to spot phishing attacks and where to report a phishing scam
Online resources on all aspects of running your organisation

Reference: National Cyber Security Centre (NCSC)

Back

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-17527993-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gat_UA-61319948-14	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
CONSENT	16 years 5 months 16 days 13 hours 4 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
uvc	1 year 1 month	The cookie is set by addthis.com to determine the usage of Addthis.com service.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
loc	1 year 1 month	This cookie is set by Addthis. This is a geolocation cookie to understand where the users sharing the information are located.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
at-rand	never	No description available.
m	2 years	No description available.
x-cdn		No description available.
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.