Posted 24 April 2017 By Steve Fraser, Partner
Cyber security threats affect everyone, so vigilance and care are needed to ensure that you have adequate protection in place. Charities are sometimes viewed as easy targets, as they tend to spend less on security than similar-sized organisations.
Whilst a lot of media attention seems to focus on the hacking of large organisations, or on hackers getting a thrill out of breaching security systems, the majority of businesses find that their own staff are the root cause of security issues. Staff may inadvertently open an email that appears to come from an official source, but is in fact from someone trying to obtain financial or business information, or requesting a payment against a spurious invoice. Mobile workers often carry out work on their laptops during train journeys, with no awareness of who is around them or of the confidentiality of what they are displaying on the screen!
Staff are given privileges to access systems and data, yet their usage of those systems and data is not monitored and reviewed on a regular basis. Inadequate training on handling data, and on how staff should look after their passwords, creates opportunities for your information to be misused.
Other risks arise from the use of out-of-date software and unsupported computer operating systems, such as Windows XP. The issue here is that the suppliers of this software and equipment no longer provide regular updates, so there is no opportunity to safeguard those systems against the latest viruses and security issues.
So – how can you mitigate and manage these risks? Firstly, by educating your staff about cyber security, why they are a key resource in maintaining your resilience to phishing attacks, and the importance of choosing passwords carefully and changing them frequently. You should also review your processes, to make sure there are regular requirements for password changes and for checking your staff’s access to systems and data (e.g. do they still need that access? Have they got a high level of access that’s not appropriate for their role?). It is also essential to look at the age of the software, computer hardware, and operating systems you use, and identify alternative products or later versions that will reduce your vulnerability to cyber security threats.
With appropriate safeguards in place, your charity will be more resilient!
To discuss this or anything else please contact Steve Fraser on 01793 818300 or send him an email.