September 14 @ 3:30 pm - 4:30 pm
It’s no surprise that cybersecurity is a priority for most charity-technology leaders today, but does the wider charity workforce understand the need to invest in it?
With more digital threats today than ever, it’s important that charities put plans in place to mitigate potential risks and address any skills shortfalls, regardless of perception.
Although it can take significant time for an organisation to improve its capacity to respond to cybersecurity challenges, existing resources can help – for example the Government’s Cyber Essentials Scheme. There is no charity-specific standard for cybersecurity; charities are expected to use the same, well-established, risk-based approach to cybersecurity management that other organisations use.
When thinking about establishing digital security, the first step is to familiarise yourself with the most common threats today – two of which being ransomware and data breaches.
One of the most significant challenges that data protection law poses to charities is around broader organisational awareness of how data is managed. For instance, how many databases do you have containing donors’ personal information? Where is this stored? Do your volunteers or employees share sensitive data on USB sticks?
Over the years, some organisations have shown a lack of sufficient awareness of data-protection obligations and risks of non-compliance, but they can start mitigating this risk with a few basic steps:
These steps are just the beginning. If overhauling your cybersecurity and data-protection strategy (or creating one from scratch) seems like an overwhelming task, there are resources out there to help, such as Microsoft’s Nonprofit Guidelines for Cybersecurity and Privacy white paper (above).
Cameron Birge, Humanitarian Response Manager, Microsoft and Eve Joseph, UK Responsibility Manager, Microsoft take you through the key components to start your charity’s journey to greater resilience: