Charities are the same as any other company – large or small – when it comes to information security.
They have assets that need protection, threats to counter and a myriad of problems to deal with.
While it may be difficult to devote time and money to information security, charities must juggle the resources to protect their valuable data.
Charities can no longer treat data and cyber security as an afterthought – it must be at the forefront of policy.
For organisations that rely on technology, data security and the internet, cyber threats can emerge in many ways such as:
- A cyber-attack
- Theft or loss of data
- Unauthorised system access
- Adverse consequences that arise from email, website and social media misuse
In a survey undertaken in partnership with specialist insurer Markel, Third Sector Insight asked over 200 senior charity employees how prepared their charity was against cyber and data risks.
14% of respondents said their charity was very well protected against cyber and data security breaches.
Over half (54%) either didn’t know or said their charity was not well equipped to fend off a cyber security attack.
The majority (70%) believed they had processes in place to raise staff awareness regarding the importance of cyber and data security.
Under a third (28%) of cyber attacks are being reported to the police, according to a report, Cyber Security: Underpinning the Digital Economy.
In another survey, nearly 1000 respondents showed a worrying gap between awareness of the risks and business preparedness.
9 in 10 business leaders said that cyber security was important.
57% had a formal strategy in place to protect themselves and just 20% held insurance against an attack.
Charities need to be aware of the risk of significant fines of up to £500,000 which can be issued by the Information Commissioner’s Office (ICO) if they are not taking care of personal data.
Credit card numbers, bank account details, names and addresses are some of the key ‘ingredients’ for identity theft; hence there are stringent fines for charities that fail to comply with the Data Protection Act.
Cyber security for charities – top tips
Good technical support is important to ensure the secure running of IT systems.
If in-house support is not possible, a charity should make arrangements with a third-party to get the techies to be part of the team.
Update software and applications
Software operating systems and applications must be kept current and up-to-date with the latest versions.
Regular updates reduce the risk of someone exploiting a flaky old application to get access to precious data.
Authorised access to data
Striking a balance between liberty and lockdown is important. A charity should not let everyone have access to all the data and IT systems.
It should ensure that the only people who can access the information are authorised.
Eoin Heffernan | Founder, The Integrate Agency CIC