Questions to ask about cyber-security
We look at some of the guidance available to help tackle cyber-security issues.
Many charities have reacted quickly to the constraints imposed by COVID-19, adjusting their ways of working to keep their organisation active and delivering keys services in communities and across the nation. In many cases, this has meant placing greater reliance on digital technology. With the pace of change it would be easy to ignore the need for good cyber security. However with any period of change and uncertainty, criminals will never be far away in their attempts to manipulate the situation.
We look at some of the resources we've released to help.
The National Cyber Security Centre (NCSC) has released guidance to help make sure your charity stays secure.
Transitioning from a physical to an online presence is new for many organisations. Even if organisations have been operating online for some time, it is likely that the nature and priority of the IT services and support they require has changed.
This could be due to increased numbers of staff or volunteers working from home, a rise in the number online transactions, and the use of video conferencing software in place of face-to-face meetings.
To help you understand risks and identify areas of improvement, the NCSC guidance encourages you to ask six questions:
· What technology do you use already?
· Are you using cloud services?
· Do you have access to IT support?
· What cyber security measures do you have in place?
· Are there any regulations you need to follow?
· Do you have cyber insurance?
More specifically, here is some guidance on some particular issues.
The COVID-19 lockdown means many organisations are using home working on a greater scale. With more staff now working remotely, video conferencing has an obvious role to play. However, you will no doubt have read news stories detailing various security issues or concerns about different platforms. These stories can often be confusing, so the NCSC has developed vendor agnostic guidance to help you select, configure and securely implement video conferencing services.
Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network, such as the Wannacry malware that impacted the NHS in May 2017.
During this period of uncertainty, a ransomware attack could have significant consequences for your charity, in part because staff may not be able to respond to the incident as quickly or effectively. It’s important therefore to make sure you are following this guidance which will help you to reduce:
· The likelihood of becoming infected
· The spread of malware throughout your organisation
· The impact of the infection
Further advice and guidance
To find out more about the NCSC and other guidance they have available please visit www.ncsc.gov.uk