Cyber Security Guide - Introduction

Background

The voluntary and community sector is being transformed by a digital revolution.  This provides exciting opportunities – but also important new responsibilities to protect our clients and ourselves from cybercrime.

The consequences for those who do not act will be severe – maybe existential – strong security is now a vital aspect of governance for all organisations, whatever their size.

The good news is that protecting yourself is straightforward and, in many cases, can be achieved for low or no cost. This guide sets out the steps you need to take.

NICVA’s starter cybersecurity guide should be easy to follow for anyone. It is designed to help any organisation, big or small, become cybersecure from a standing start. The changes you need to make should be quick and free of stress.

The guide is divided into three sections. This is the first one, explaining what cybersecurity is and why it is important.

The second section outlines simple steps for you to take to become cybersecure. 

The third section describes the wider measures you should also consider, which will help with both governance and funding, including how to get cybersecurity accreditation and insurance. 

Why is cyber security so important for the voluntary and community sector?

We are living through a digital revolution. The voluntary and community sector has been quick to recognise this and to identify the many opportunities it presents.

This process accelerated rapidly during the pandemic when we witnessed an explosion in online activity as organisations adapted their operating models when they were unable to meet clients, suppliers and their colleagues face-to-face.

There are many benefits to the new ways of working, not least improved productivity and less environmental damage.

As digitisation increases we are seeing an increased use of digital storage, replacing traditional paper-based alternatives.

More and more of what we do is performed online and this trend is set to accelerate still further as new apps and other technologies are developed, transforming still further how we work.

All this is exciting and brings obvious benefits but it also creates important new responsibilities – and new risks. If we are storing more data online we have to ensure it is protected, to safeguard the confidentiality of our service users.

And given that so many charities derive their incomes from government contracts, and that cyber criminals are always likely to target the most vulnerable parts of any supply chain, it is imperative that the sector acts swiftly to protect its own security.

The good news is that cybersecurity is not a mystery. All any organisation has to do is take a few simple steps to make themselves much more secure. This NICVA toolkit will help improve charities’ cybersecurity quickly and effectively. It is suitable for anyone, including complete beginners. Cybersecurity might sound intimidating – but it doesn’t have to be.

What is cybersecurity?

It is the protection of digital networks and devices from theft, damage or disruption. That means protecting your finances, your private data and the systems that help you run your organisation and its services.

That can sound daunting – but in practice cybersecurity is about easy-to-understand measures like making sure you have strong passwords, appropriate antivirus software, and that only authorised people within your organisation have access to the digital devices and platforms that you rely on.

To protect themselves, all organisations need to first make sure they take simple steps to improve their cybersecurity, and then periodically check that all those steps remain up to date.

This guide is the perfect place to start.

Is cyber security as important as physical security?

Every bit. Just as you should not leave the doors and windows open when you leave the house so you should take your responsibilities for digital security seriously too.

And those that neglect it will suffer, both financially and reputationally.

It is vital to understand that cybersecurity is now simply part of being secure in general. It is a key governance issue, given that the threats posed by cyberattacks are both real and substantial.

Anyone can fall victim to a cyberattack. That is why protection is so important.

Like any other major governance issue, cybersecurity will soon become more and more important to major funders, including government. They will want to see that organisation they support has taken the core steps to protect itself.

Why would criminals want to target charities?

Cyber criminals do not have codes of conduct. If they can disrupt you and steal from you they will regardless of what you do, so charities can expect no favours from them.

Also some will be probing for weak spots in supply chains – and they will attack those with the least protection, making unprotected charities particularly vulnerable to attack.

Because of the risks involved government and other major funders are very likely to insist that all suppliers can demonstrate that they have effective protection. In practice that is likely to mean having accreditation and insurance.

In that sense – indeed, in every sense – cybersecurity is just like the general security that charities have and would not dream of abandoning. Nobody is going to remove the front door from their building on the basis that burglaries are rare.

Cybersecurity is essential. Achieving it is straightforward. But it will require organisations to have a clear focus on their own protection. There is nothing hypothetical about the risk which needs to be factored into our thinking around governance. Now is the perfect time to take some simple steps to make your organisation cybersecure – just go to section two.

Once that is done, there are some wider measures you should also look at - including insurance and accreditation -  that will help you make the most of the fact you are now cybersecure - visit section three.