Cyber Safe Charities

The ‘Cyber Safe Charities’ offer, was a week-long campaign, 29th April – 3rd May 2019, during which the IASME Consortium and participating Certification Bodies (including Grefield Consultancy Services Ltd.) encouraged registered charities to improve their resilience to on-line threats, including offering a discount for Cyber Essentials and IASME Governance certifications.

In May 2017, the WannaCry ransomware dominated global headlines bringing the reality of cyber-crime to the attention of Boardrooms on an unprecedented scale. With extensive data, including the Crime Survey for England and Wales, showing an upward trend in cyber-crime, it is highly unlikely that WannaCry will be the last cyber-crime headlines we’ll see.

As press coverage predominantly focuses on household names, it is easy to think these 21st Century cyber-threats only affect large businesses. Sadly, this is not the case as all too many SMEs can testify.

Charities are particularly vulnerable. Through holding the personal information of donors and benefactors, the cyber-criminal finds the third sector an attractive target for reasons other than fraudulently accessing their financial assets. In August, the Department for Culture, Media and Sport published their research on registered charities awareness and experiences of cyber-crime. The aim of the research is to inform Government as how they can develop support for the charitable sector to help make them safer online and help protect the important data charities hold.

Addressing resilience within charitable organisations can be a challenge. Many remain blissfully, yet dangerously, unaware that they are potential victims of a crime which can have devastating consequences. For others, finding the necessary resource and knowledge to implement appropriate protections can prove difficult for trustees or Chief Executives.

The IASME Consortium, a leading Accreditation Body for the government backed Cyber Essentials certification scheme, launched a week-long campaign aimed at encouraging registered charities to improve their resilience to on-line threats. Together with participating licensed partners, the IASME Consortium offered discounted certifications on schemes which demonstrate charities have effective and recognised best practice and protections in place. IASME’s support for the third sector was timed to coincide with ‘Cyber Resilience Week’.

The IASME Consortium package includes the widely recognised and supported Cyber Essentials scheme. This scheme assesses against the implementation of simple controls in five simple technical areas. Its effectiveness means Cyber Essentials is already a pre-requisite for many government and private sector tenders.

The 5 technical controls are anti-malware, access control, patching, secure configuration and firewalls. These are the five key areas identified as those which, had controls been in place, would have prevented the majority of internet born attacks over recent years.

IASME also offered its own award winning governance standard as part of the promotion. IASME Governance, which includes a Cyber Essentials assessment and an optional GDPR readiness check, is an information security management standard which is more practical for SMEs than the traditional ISO27001. Taken simultaneously with Cyber Essentials, IASME governance covers additional protections such as physical security, data back-ups and staff awareness.

Dr Emma Philpott, Chief Executive of The IASME Consortium stated, “Charities work tirelessly to secure donations for fantastic causes. Having the right safeguards against unscrupulous cyber activity can help protect the donations and also any sensitive information such a charity might hold. The security of personal data, of both donors and benefactors, will become even more significant when considering the enhanced data protection laws.”

The IASME Consortium trains and licenses a network of certification bodies including Greyfield Consultancy Services Ltd.
Ian Wills, on behalf of Greyfield Consultancy Services Ltd., stated, “We had no hesitation in participating in this campaign. Our society benefits so much from the hard work of our Charities that we want to help ensure that every available penny goes to where it can make a real difference.”
Eligible charities can find further information and apply via cyber-safe-charities./