Does my charity or website hold personal data?
If the answer to the question is yes, then cyber security insurance is a must have!
‘Why would someone want to steal our stored data? We don’t have any money’
Cyber criminals are not always interested in money- more often than not they want to steal personal information and sell it online or simply, just to cause problems for you and your company.
Cyber Risk can be broadly split into three main themes; malicious cyber-attacks, accidental information loss/misuse and physical system failures.
Malware such as worms, trojan horse, spyware and adware can all disrupt or lead to the loss of data. In the meantime, denial of service attacks can bring operations to a complete halt. The aforementioned threats are becoming extremely subtle and can attempt to stay in a system undetected for long periods of time.
Charities are not immune to these threats. An article in the Guardian newspaper highlights that in 2012, an anti-abortion hacker obtained personal details of thousands of clients of the British Pregnancy Advisory service. They did not realise that their website stored the names, addresses, date of birth and telephone numbers of women who had asked for advice. They were later fined over £200,000 by the Information Commissioner’s office.
If you are unsure of what is meant by malware intrusions, you can find some further information on our partners, The CyberBee website.
Accidental data loss or misuse doesn’t have quite the same ‘scare’ factor as hacking or malware. However, it does seem to be a major pitfall for many organisations. For example; the Nursing and Midwifery council- a well-known national charity, was fined £150,000 after it lost three unencrypted DVD’s containing confidential personal information.
Data does not necessarily have to be lost to be in breach of any regulations. A member of staff may accidentally send personal information to the wrong person and it could easily be published online.
Not all risks are caused by employees or hackers sabotaging a computer system. Charities have become hugely reliant on computers and technology in order to operate smoothly. The loss of internal systems or of a website’s functionality can mean beneficiaries do not receive the help they need, or vital fundraising revenue could potentially be lost.
On the other hand, IT system failures alongside a lack of disaster recovery planning could mean vital data or software is erased, destroyed or distorted. As a result of this, it is imperative to have a robust Risk Management strategy in place.
Every 3rd sector organisation needs advice and support which is relevant to the sector and delivers real value for money. We carry out due diligence checks on a wide range of organisations to select partners who have the capability to deliver and those who share our ethos.
You can Bee Sure that your needs will be met in a pragmatic and cost-effective way.
We provide tools, products and services to your organisation in order to enable you to demonstrate that you have done everything possible to meet your compliance obligations.
The CharityBee can help you achieve the right balance between outsourcing and internal activities to bring you maximum efficient at the best price.
Is your business vulnerable to Cyber-attacks?