Guest blogger Tom Watson, Business and Communications Lead at NAVCA (National Association for Voluntary and Community Action) talks about their work with the National Centre for Cyber Security and their simple tips for keeping your small charity safe online.
The ways in which charities and voluntary sector groups are using digital to support their work is growing everyday; from using online HR Systems, to online finance apps, social media to cloud data storage, the list is pretty much endless.
Working digitally is a great way to support your organisation to do more, to reach more people and to have a bigger impact, but there are risks.
As we all increasingly move to a digital first workplace, we need to be sure that our systems are protected, that data is secure and that the digital systems we increasingly rely upon will work when we need them most.
That’s why NAVCA has been working with the National Centre for Cyber Security to ensure small charities and voluntary organisations have the right support and guidance to keep them safe.
Producing new cyber security guidance for small charities
In summer 2018 the National Centre for Cyber Security hosted NAVCA members for a round table on developing new guidance for small charities on cyber security. NCSC have a huge remit to support businesses and charities with cyber security and they wanted to understand how to reach small local voluntary organisations and charities with guidance that was relevant to them.
As NAVCA members support 1000’s of groups every single day, they were expertly placed to help in developing and testing this guidance to ensure it would be as relevant as possible. National Centre for Cyber Security worked in partnership with NAVCA to create a training package and resources which small charities and community organisations could access and implement.
In early 2019 NAVCA members have delivered training sessions around the country to small voluntary sector groups, supporting them with understanding the risks and also the steps that all organisations, of any size, can take to protect themselves. The feedback to date has been fantastic, with charities finding the training extremely useful, giving them clear and simple things they can do to protect their organisation.
With the support of DHSC we were able to deliver additional sessions as part of the Digital Leaders programme.
We will be running further training in 2019 so follow @navca on Twitter for details.
Understanding the risks
NCSC carried out their own assessment outlining the cyber threat that charities of all sizes now face. While most charities are small, their combined income in 2018 was over £48 billion, meaning the sector as a whole may well be an inviting target for cyber criminals.
Charites and voluntary sector organisations are also increasingly holding vast amounts of data, personal, financial and commercial that may be of interest to a range of cyber criminals.
“Cyber Criminals” may sound far-fetched to many, with (for those of us of a certain age) flashbacks to 90’s films such as Hackers, The Net or Jonny Mnemonic, but we are exposed to cyber criminals on an almost daily basis, and most of them aren’t bleach blonde tech whizz kids.
Many of these interactions come about through our emails; those emails where it looks like it comes from someone you know, but the language is odd or they are asking you to click on a link?
Well that may well be a phishing attack, ransomware, or malware. Our email systems are generally quite good at filtering out many of these, but some do still get through, and when they do, the results to organisations can be devastating.
Organisations have lost access to entire systems, their data or money, crippling their ability to do vital work.
One of the largest Cyber-attacks in recent memory, the WannaCry hack hit computers all over the UK, and created havoc within the NHS. It caused an estimated £92m worth of distribution and damage.
What can organisations do to protect themselves?
There are many things that organisations can do to protect themselves, and most of them are really simple.
- The starting point is to understand the risks, and be aware that cyber security is everyone’s responsibility. It doesn’t just fall to the IT team, or in the case of most small charities, the one person who knows a bit about computers!
- After that, the NCSC Cyber Security: Small Charities Guide is a great place to go. There are actionable guidelines to work through, that will help to protect you and your organisation.
- Check out NAVCA events and follow @navca on Twitter for details of new training in your area and helpful resources.
- Find your local NAVCA member and ask about training or 1-1 support to help your organisation prepare.
- Keep computers and software up to date. For charities both Office 365 and Google G suite are free and will offer automatic updates for many of your general software. Check out Tech Trust tt-exchange for details.
- Speak to trusted organisations like Superhighways for extra training and support on all things digital.
- Keep learning, keep alert and don’t be afraid to ask for help!
This blog has been produced as part of our Digital Leadership 101 series of training and advice for CEOs and trustees of small charities, funded by the Department of Digital, Culture, Media and Sport and run in partnership with The FSI, NAVCA and London Plus.