How you should be ‘Defending against Digital Risk’
Digital technology has been exceptionally beneficial for charities. It has allowed for innovation in fundraising ideas and helped save time, along with precious money and resources: bonuses which at one point were unimaginable.
Think of all the online apps which are free or discounted for charities, all the excellent private and public schemes. Would these have even existed without the rapid improvements of digital technology? Probably not.
On the other hand, the relentless, vicious evolution of cybercrime has highlighted just how vulnerable organisations and individuals can be online. Unfortunately, charities are no exception. According to the ICO, the number of charities experiencing a data breach incident has increased by over 60% on an annual basis.
The key point being…
How do you keep your charity safe from cybercrime?
What are the simple steps which you can take to give your charity a fighting chance of surviving a malicious attack?
How do you start defending against Digital Risk?
Common Types of Attack
There is a common misconception that it is generally larger organisations that get targeted by cybercriminals. The National Cyber Security Centre identifies charities as being just as vulnerable as any other organisation. This is because charities are subject to the same vulnerabilities as other organisations and businesses that conduct financial transactions. Moreover, they also tend to rely on electronically held data or information to operate daily.
The most common types of attack are ones you’ve probably heard about in the news recently, or perhaps there was an in-depth article which cropped up on your Facebook page but you chose to ignore.
Consequently, it is essential to be aware of the following types of cybercrime and understand how you can help defend against digital risk and cybercriminals.
Basic tips for protecting your charity
Cybersecurity plans should be thorough and consider all data held by your charity, not just the data which you ‘think’ you use on a regular basis.
‘Only keep the data your charity will use’
It is important to minimise the number of places your charity stores personal data and reduce the volume of information you collect. Additionally, if you only retain what is necessary, you minimise the opportunities for risks to occur.
Top 4 Tips for Defending against Digital Risk
- Safeguard your data: This means locking away physical records with any private information, restricting employee access to records and conducting employee and volunteer background checks. Moreover, never give temporary employees, volunteers or any third-party vendors access to personal employee or customer information.
- Clearing out old files: Be mindful of the private information which is held offline. To safeguard records your charity no longer needs, it is important to dispose of them safely. It is advisable to cross-cut shred paper files and destroy old disks (CDs and DVDs). Moreover, before disposing of any old hard drives, use software which is specifically designed to permanently wipe the drive clean, or physically destroy it yourself!
- Restrict system use to charity activity: Restrict employee and volunteer usage of computers to charity activities only. It is worth avoiding file sharing on peer-to-peer websites and blocking access to inappropriate websites. Moreover, login accounts should be personal and not shared. Senior management should be able to control access so staff members can only interact with data that they need.
- Manage the charity’s use of portable media: Only allow encrypted data to be downloaded to portable storage devices. This provides effective protection against unauthorised or unlawful processing. Moreover, restricting the use of physical ports can also improve security.
The Consequences of a cyber attack
So you implement all the previously mentioned steps (or maybe you don’t), yet your charity still ends up on the receiving end of a nasty cyber attack. Not a nice thought, is it?
The usual damage from a cyber attack on an organisation tends to be a loss of data. The average price per record breached for organisations in the UK is said to be £98, and for a public sector organisation, £59 per record.
Imagine your charity holds 10,000 donor or service records. The combined cost at £59 per record? £590,000.
Could your charity or organisation afford to fork out such a sum of money?
Attacks on your reputation
Direct financial repercussions are not the only worry when it comes to the aftermath of a cyber attack for an organisation. Following a cyber attack, a charity may experience bad press and, therefore, a fall in public trust. A charity’s reputation can be, and usually is, fragile. Imagine spending years building high levels of public trust for it all to be destroyed in one swift cyber attack?
Moreover, a cyber risks contingency plan should be prepared to set out the protocol to follow in case of an attack. This should include information like emergency telephone numbers and need-to-know contacts.
Reducing the consequences?
Cyber insurance can help your charity to deal with some of the consequences which occur as a result of a cyber attack. It is for this reason that cyber insurance is known as an excellent option for a ‘second line of defence’ when defending against digital risk. Not only can insurance help cover any costs, but a comprehensive policy will also support your charity’s longer-term access to professional help.
Some common features of cyber insurance are:
- Costs of dealing with data breaches
- Cost of legal defence from cyber liability claims
- Cost of professional IT and forensic services
- Cover for loss of income from a cyber event
Some Concluding Comments
Defending against digital risk is a common objective for charities, individuals and organisations. As technology continues to evolve, the risk of being compromised by a cyber attack does too. However, so does our knowledge of how to deal with such risks.
The best way to deal with the risks of cybercrime and defend against digital risks is to educate everyone within your organisation about them. Whilst threat assessment for UK charities is still unclear, there is no doubt that your charity is vulnerable. Keep your charity safe by training your staff and then have cyber insurance as a ‘second line of defence’.
For the sake of your charity, it really is worth ‘defending against digital risks’.