Charities Institute Ireland

Our Blog

Charities' Guide To Better Cyber Security

Charities in Ireland face an increase in cybersecurity threats. Cybercrime incidents are increasing, and no-one is immune. Criminals have the means and the opportunity to target organisations for extortion, financial gain, or to steal valuable data. As the rate of attacks rises, so too are the costs to recover. As well as financial losses, a security incident could harm their reputation or set back their ability to deliver services.

Charities also face the challenge of complying with the forthcoming EU General Data Protection Regulation (GDPR). That is why BH Consulting has prepared this free guide to better security. Suitable for large and small charitable and non-profit groups, it contains 10 high-level, practical steps to address their most important security concerns and protect valuable data.

1.    Audit your information

  • Understand what information you store, and where you store it

2.    Define your organisational risk

  • This lets you prioritise what’s most important and protect it on that basis

3.    Think data, not devices

  • Build a plan that focuses on protecting information no matter what IT hardware it’s on. Use encryption to ensure your most important data is safe

4.    Back up data

  • Make regular copies of your information – ideally several times daily – and store it in a separate location

5.    Install security software

  • Protect your laptops, smartphones, tablets and servers with continually updated anti-malware software on every device

6.    Implement a firewall

  • This critical protection system guards against many common security threats – but it’s just one part of a good defence, not the only solution

7.     Patch regularly

  • Most attacks target existing weaknesses. Keep all IT hardware and software up to date – especially anti-malware and firewall but also operating systems and apps

8.     Use strong passwords

  • Choosing a strong passphrase once is better than changing a bad one every 90 days. Use a password manager and enable two-factor authentication for important user accounts

9.     Conduct staff training

  • Awareness training for all staff keeps security top of everyone’s minds. Repeat regularly to foster positive security behaviour and culture, and include everyone in the organisation

10.  Manage user accounts

  • Configure your systems to prevent staff from accessing information if they don’t need it to do their work.

Your information is valuable to criminals. More importantly, your donors and stakeholders have entrusted their data to your charity. That is why it is so important to protect it. The 10 steps listed above are the first stage in improving your protection controls. We also recommend that charities should prepare an incident response plan which they can implement if a data breach occurs.

More guidance can be got from these resources:

Cyber Security: Small Business Guide

https://www.ncsc.gov.uk/blog-post/cyber-security-small-business-guide

Data security guidance from the Office of the Data Protection Commissioner

https://www.dataprotection.ie/docs/Data-security-guidance/1091.htm

Guidelines on how to respond to security breaches

https://cert.societegenerale.com/en/publications.html

Scott Kelley