Cyber Safe Charities
In May 2017, the WannaCry ransomware dominated global headlines bringing the reality of cyber-crime to the attention of Boardrooms on an unprecedented scale. With extensive data, including the Crime Survey for England and Wales, showing an upward trend in cyber-crime, it is highly unlikely that WannaCry will be the last cyber-crime headlines we’ll see.
As press coverage predominantly focuses on household names, it is easy to think these 21st Century cyber-threats only affect large businesses. Sadly, this is not the case as all too many SMEs can testify.
Charities are particularly vulnerable. Through holding the personal information of donors and benefactors, the cyber-criminal finds the third sector an attractive target for reasons other than fraudulently accessing their financial assets. In August, the Department for Culture, Media and Sport published their research on registered charities awareness and experiences of cyber-crime. The aim of the research is to inform Government as how they can develop support for the charitable sector to help make them safer online and help protect the important data charities hold.
Addressing resilience within charitable organisations can be a challenge. Many remain blissfully, yet dangerously, unaware that they are potential victims of a crime which can have devastating consequences. For others, finding the necessary resource and knowledge to implement appropriate protections can prove difficult for trustees or Chief Executives.
The IASME Consortium, a leading Accreditation Body for the government backed Cyber Essentials certification scheme, launched a week-long campaign aimed at encouraging registered charities to improve their resilience to on-line threats. During the week 29th April to 3rd May 2019 the IASME Consortium, together with participating licensed partners, had offered discounted certifications on schemes which demonstrate charities have effective and recognised best practice and protections in place.
The IASME Consortium package includes the widely recognised and supported Cyber Essentials scheme. This scheme assesses against the implementation of simple controls in five simple technical areas. Its effectiveness means Cyber Essentials is already a pre-requisite for many government and private sector tenders.
The 5 technical controls are anti-malware, access control, patching, secure configuration and firewalls. These are the five key areas identified as those which, had controls been in place, would have prevented the majority of internet born attacks over recent years.
IASME also offered its own award winning governance standard as part of the promotion. IASME Governance, which includes a Cyber Essentials assessment and an optional GDPR readiness check, is an information security management standard which is more practical for SMEs than the traditional ISO27001. Taken simultaneously with Cyber Essentials, IASME governance covers additional protections such as physical security, data back-ups and staff awareness.
Dr Emma Philpott, Chief Executive of The IASME Consortium stated, “Charities work tirelessly to secure donations for fantastic causes. Having the right safeguards against unscrupulous cyber activity can help protect the donations and also any sensitive information such a charity might hold. The security of personal data, of both donors and benefactors, will become even more significant when considering the enhanced data protection laws.”
The IASME Consortium trains and licenses a network of certification bodies including Greyfield Consultancy Services Ltd.
Ian Wills, on behalf of Greyfield Consultancy Services Ltd., stated, “We had no hesitation in participating in this campaign. Our society benefits so much from the hard work of our Charities that we want to help ensure that every available penny goes to where it can make a real difference.”
Although the discount offer has now expired, charities can still find further information on cyber protection and apply via cyber-safe-charities.