Close Topics

Digital Leaders runs a comprehensive program of thought leadership, white papers, lectures, salons, conferences and webinars on digital transformation for each of the topics below. You can choose to participate in the Community by following the activities of the programme against a specific topic by signing up for alerts on the sector updates and upcoming events for your priority areas.

Click on the links to access reports and register for upcoming events and participate in the topics below.

Protect your charity against cyber attacks

Written by David McNeill, Director of Digital and Connect, SCVO

You could not fail to miss the coverage of the worldwide ransomware attack over the weekend which particularly affected the NHS.

The scale of the attack, and its impact on public services, is unprecedented. However, similar attacks happen on a daily basis and third sector organisations must protect themselves from risks of operating in the digital world.

The latest UK Government Cyber Security Breaches Survey reveals nearly seven in ten large organisations have had a breach or attack. The average cost to large organisations was around £20,000, although in some cases this reached into millions.

The most common attacks are the result of fraudulent emails, coaxing staff into revealing passwords or financial information, or opening dangerous attachments. The ransomware attack over the weekend was particularly damaging as it didn’t just infect the original user, who may have opened a dangerous attachment; it was able to seek out and infect other computers on the network that had the same vulnerability.

The vast majority of these attacks are not targeted, they are random and third sector organisations are equally at risk. In September, a ransomware attack on Comic Relief took their systems down for three days. Only a few days before the NHS attack, the Queen’s Nursing Institute in England reported disruption as a result of an attack on one of their servers.

What should we do now to protect ourselves?

Follow the advice of the National Cyber Security Centre to reduce the risks to your organisation by:

  1. Keeping your organisation’s software patches up to date
  2. Using proper antivirus software services
  3. Most importantly for ransomware, backing up the data that matters to you, because you can’t be held to ransom for data you hold somewhere else. It is recommended you back up to multiple locations, including encrypted online (cloud) services for maximum protection.

If you have any systems that are still running Windows XP, you must immediately install this patch from Microsoft and upgrade to a more modern operating system as soon as possible.

Given the heightened awareness of the risk, it is worth reminding all users of your computer networks to be wary of opening attachments or links in emails, particularly from strangers or where the language and style used seems unusual.

What should we do in the longer term? 

Cyber attacks are as great a risk as other forms of crime. Therefore third sector organisations should:

  • Ensure your information security and cyber threats are included on your risk register and monitored at Board level. Trustees should be asking: Do you we have adequate controls to defend against cyber attacks? Are we confident in our ability to recover quickly should the worst happen?
  • Consider providing regular training for staff on basic digital skills, information security and data protection.
  • Consider external accreditation, such as Cyber Essentials, to assess your defence against cyber threats.

Getting ready now will also help prepare you for the forthcoming EU General Data Protection Regulation coming in to force in May 2018. This places more responsibility on organisations to protect data or risk hefty fines. It also provides greater protection of people’s rights, as well as an opportunity to create greater trust and transparency around how organisations use personal data.

Continue to stay safe online.


This was originally published here and was reposted with permission.

Join Digital Leaders

Sign up below for invitations to events, updates and other digital transformation news.