Developing a cyber resilient organisation

26% of charities faced a cyber-breach in the last 12 months, and this number increases to over 50% for organisations with an income of over £500,000. As part of the Beyond programme, we worked in partnership with Red Goat Cyber to give nonprofits the knowledge and tools to secure themselves against cyber attacks and to develop a plan in the event of being attacked by cyber criminals. Below are some top-tips!

WHAT IS CYBER SECURITY?

Cyber criminals seek to exploit human or security vulnerabilities in order to steal passwords, data or money directly. Cyber security is the technology, process, and practices that an organisation employs to keep its data safe from unauthorised access. 

One of the biggest risks for nonprofits in cyber attacks is the loss of data, and many criminals are becoming increasingly more sophisticated in social engineering, mastering their ability to manipulate people into divulging personal information. Below are some resources, and tips to help get you cyber secure: 

TOP TIPS FROM THE RED GOAT CYBER TEAM:

1. Backup your data. It’s important to delete the data you no longer need, and backup the data you do. You can do this locally (to a hard drive) or a Cloud backup - ideally both. When you’re doing local backups, as soon as the backup is done, unplug the devices, and always remember to test your backups.

2. Antivirus, Firewall & Encryption. Make sure your computer has a firewall turned on, and an antivirus programme installed (AVG, AVAST, Norton etc.) Encrypting your data is also helpful, as if your laptop is stolen for example, your data will not be accessible. 

3. Always update your software. Firstly, always ensure that there are no redundant applications on your computer, anything you’ve downloaded but don’t use should be deleted. Software companies issue updates for any problems and security flaws they’ve identified within the system. Updating will make your applications, and thus your computer, safe. 

4. Passwords and authentication. Are you guilty of using the same password for everything? Lots of people are! Make sure you use strong passwords, and 2fa (two factor authentication) on your devices e.g. a text message and a password. A strong password will mean that someone can’t guess it easily, and 2fa means that even if they do - they won’t be able to access your account without your phone or another account. 

5. Develop an incident management plan. It’s always good to be prepared for a cyber attack, however unlikely you may think this is. An incident management plan deals with the process of responding to an incident including, comms, and staff reporting.

RESOURCES YOU MAY FIND USEFUL:

• Cybersecurity small charity guide - National Cyber Security Centre resource for small charities

• Nonprofit Guidelines for Cybersecurity and Privacy

• Cybersecurity toolkit for boards - National Cyber Security Centre resource

• Charities Commission: What you do and do not need to report

• ICO Preparing for a Personal Data Breach Checklist

Some of the documents shared are pdf’s. If these pose a problem for you, please contact us via the email below and refer to the National Cyber Security Centre’s accessible documents policy.