Are your data security measures good enough?
13 November 2023
David Green

One-in-three charities are the victims of cyber crime

A data security breach in your charity can be very costly. It’s not just the theft of data or money that will hurt, but also damage to your reputation. Then there is the likely hurt caused to your beneficiaries whose data is stolen. If that wasn’t enough, you are quite likely to face a sizeable fine from the Information Commissioner’s Office for failing to protect the security of your data.

 

But we’re a small local charity I hear you say, so why should we worry about being hacked? Surely the risk of cyber-attack is greater for big organisations?

 

Unfortunately, it is the small charity that provides the easiest opportunities for cyber criminals. Poor protection, perhaps arising from a lack of cyber awareness and lack of resources, makes a small charity “low hanging fruit” in the mind of the hacker. 

 

No surprise then that cyber-crimes against charities are so common. A survey published by the UK Department for Digital, Culture, Media & Sport found that nearly one in three charities had been the victim of cyber-crime last year, with one in five of these having a negative outcome.

 

But detecting a hack isn’t always that easy, and it is often discovered only when it’s too late. Indeed, it is believed that the average hacker stays hidden in a network for 140 days before being discovered.

 

So, what can small charities do to protect against cyber criminals? Here are some basic steps:

 

1. Educate and raise awareness: Ensure that all of your team are educated about the risks of cyber-attacks and the importance of data security. This includes training on how to identify phishing emails, use strong passwords, and avoid clicking suspicious links.

 

2. Implement strong security measures: Install firewalls, antivirus software, and other security tools to protect and monitor your network and systems from potential threats. Regularly update these tools to stay protected against the latest vulnerabilities.

 

3. Secure your data: Encrypt sensitive data and regularly back it up to offsite locations or use cloud storage. This will ensure that even if your systems are compromised, you can still recover your data.

 

4. Secure your mobile devices and laptops: Use strong passwords, fingerprint or face recognition; enable location tracking, and facilitate remote access lock/data erasure. Encrypt data where possible. Don’t use insecure public WiFi.

 

5. Use two-factor authentication for accessing sensitive information or systems: This adds an extra layer of security by requiring additional verification, such as a code sent to a mobile device.

 

6. Regularly update software: Keep all software, including operating systems and applications, up to date with the latest security patches. Outdated software can have vulnerabilities that hackers can exploit.

 

7. Restrict physical access to processing operations and IT equipment: Make sure only properly trained team members have access and ensure visitors are properly supervised. Don't leave mobile devices unattended.

 

8. Create a response plan: Develop an incident response plan that outlines the steps to be taken in the event of a data breach or cyber-attack. This will ensure a more effective response. For organisations in Scotland there is an Incident Response Helpline you can call. There is also a page on gov.uk for guidance on reporting incidents in the UK and Channel Islands.

 

9. Regularly assess and review security measures: Conduct regular security assessments and audits to identify any weaknesses or gaps in your security measures. Address these issues promptly to maintain a strong defence against cyber threats.


10. Finally, don’t forget your supply chain: Collaborate with suppliers and partners and build data security responsibilities and assurances into your contracts where possible.

 

Remember, data security is everyone’s concern. It requires a collective effort from all in the organisation to ensure the safety of your data. By following these basic steps, small charities can reduce the risk of falling victim to cyber criminals and protect their reputation and beneficiaries.
