Advice for those experiencing cyber attacks

We are all increasing aware of the risk of cyber attacks on our organisations and the damage that they can have.

It is vitally important that we follow best practice in cyber security and that we do all we can to assess and manage this risk. The Voluntary and Community Sector is often at higher risk due to the sensitive personal data that organisations hold about their service users which can make them a target for randsomware attacks.

This can be seen in the example in April 2023 with the private company in Derry/Londonderry, Evide, that manages data for about 140 organisations across the island of Ireland and the UK. Evide was targeted in a ransomware attack and hackers stole personal data from charities and community groups across NI. The PSNI were involved and advised charities on what to do to minimise impact.

We all need to take action to ensure we have high levels of cyber security processes in place, we are checking them on a regular basis, it is part of our risk registers and we are doing all we can to prevent such attacks taking place. We also need to be prepared in case it does happen, and know what action to take and where to seek help.

We need to examine our relationships with all contractors and third party organisations, as we are still the data controllers and have ultimate responsibility. 

Guidance on all these issues is available through National Cyber Security Centre, Police Service for NI and The Information Commissioners Officer, as well as on the NICVA website.

National Cyber Security Centre and PSNI Cyber Crime Centre

PSNI Cyber Crime Centre - Guide to Charities and Small Organisations Services - this includes information and helpful guidance on a range of cyber security issues facing charities. The direct links are provided below:

National Cyber Security Centre (NCSC) Small Charity Guide

NCSC Response and Recovery Guide

Phishing Attacks - defending your organisation

Phishing - Spot and report scam email, texts, websites and calls

Protecting bulk personal data

Supply Chain Security Guidance

Data breaches guidance for individuals and families

The Information Commissioner's Office 

The Information Commissioner's Office (ICO) have useful information and guidance on a range of issues on their website.

Data Breaches identification and obligations

What to include in contracts with third parties

Contracts and liabilities between data processors and controllers

How to assess and gain confidence in your supply chain security

NICVA

NICVA is working closely with NICSC, PSNI, ICO and Vertical Structure to provide advice, support and training on information governance, GDPR and cyber security. We have held training sessions and offered clinics as well as promoted the funded support for Cyber Essentials, which 49 Voluntary and Community Organisations in Northern Ireland have engaged in to gain accreditation.

We are planning further training sessions with NICSC and PSNI in Autumn 2023.

Some resources tailored for the sector are available on our website.

Five resources for building cyber security

Introduction to Cyber Security

Cyber security actions

Information governance and cyber security webinar recording

GDPR Hub