Cyber Security & Information Governance

Cyber Security is a key risk for organisations of all sizes.   NICVA is developing a range of measures to support voluntary and community organisations that want to improve their cyber security capability.  

Cyber Security & Charities

Cyber security is the means by which individuals and organisations reduce the risk of becoming victims of cyber attack. Protecting data, systems and finances is important for everyone. 

Charities, voluntary, community and social enterprise organisations often hold sensitive data and rely on technology to provide support and services.

Organisations of all sizes are vulnerable to user accounts and systems being compromised which can lead to serious incidents such as data breaches and ransomware attacks.

Small volunteer led community organisations are just as vulnerable as major charitable organisations and should ensure that good basic cyber security practice is followed.

There is also a growing expectation that organisations can assure partners and stakeholders that adequate cyber security measures are in place.  Attackers can use weak points in a service supply chain to gain a foothold that allows them to move towards key targets.

Board responsibility and organisation culture

Good cyber security is central to an organisation's health and resilience, and this places it firmly within the responsibility of the Board.

Data protection regulation requires that organisations take appropriate technical and organisational measures to protect personal data.   Check out the NICVA Data protection toolkit

The board/trustees should work with senior management to identify risks and protection measures to put in place. Organisational polices are important but should be reinforced with a culture where everyone is encouraged to be curious and vigilant with cyber practice.

People should be encouraged to report suspicious issues regardless of pressures of work and deadlines. Taking time to flag an issue before it turns into a serious incident – prevention rather than cure.

What can you do

Cyber security is a risk for organisations and a governance issue - it’s not just for the techies / IT.  Most organisations will have data protection policies and procedures in place along with risk assessment processes. It can be helpful to integrate cyber security risk management into existing processes.

The National Cyber Security Centre (NCSC) distils knowledge and practical advice for organisations and individuals that can help to shape your next steps.  The NI Cyber Security Centre provides local engagement, advice and support.

The Cyber Security: Small Charity Guide will help to significantly increase your protection from the most common types of cyber-crime.

Use the Board Toolkit to help frame discussions about cyber security and inform discussion between the Board and any technology support / suppliers. The toolkit includes an introduction to Cyber Security and legal and regulatory aspects of cyber security Check out five resources for building cyber security in small organisations.

Book a Cyber Security one hour clinic to discuss appropriate next steps for your organisation

Encourage your staff and volunteers to take the free NCSC 30 minute online training course

Consider the Cyber Essentials accreditation framework to benchmark your organisation and provides assurance to your partners

Engage with the NI Cyber Security Centre


Free cyber security support and accreditation for small charities

The National Cyber Security Centre is offering a fully funded scheme to help organisations in the voluntary and community sector to get Cyber Essentials Plus certification.

Fully Funded Scheme for Cyber Essentials Certification for charities

The National Cyber Security Centre is offering a fully funded scheme to help organisations in the Voluntary and Community Sector get Cyber Essentials Plus certification. This is delivered in NI by Vertical Structure.

Accredited Online Cyber Security training opportunity from Belfast Met


Belfast Met are providing an opportunity for voluntary, community, charities and social enterprises to attend a five day Cisco Cybersecurity Essentials accredited course delivered online.  

Cyber Security Clinics: Book an Appointment

Book a free one-hour cyber security clinic appointment to work out appropriate next steps for your organisation to improve its cyber security practice.

Cyber security month: time to raise awareness

October is Cyber Security Awareness Month and an opportunity for individuals and organisations to improve their cyber security knowledge, understand the online threats they face and the steps that can be taken to reduce risks.

Share your COVID-19 support service information

Organisations providing support to people and communities during the COVID-19 emergency can share their service information

> Share your support