BH Consulting is proud to announce its support of Give01Day, an initiative created to support charities as they grapple with the same security issues faced by the corporate world.
The campaign’s founder and CEO Amar Singh explains:
“Almost every charity is custodian of extremely sensitive personal information ranging from sex abuse and child abuse to health issues like cancer, mental illness and diabetes.
The problem is, in Cyberspace, most, if not all charities have this immensely personal and sensitive information exposed and often inadequately protected, making them an easy target for the cyber attacker.
One recent example is the British Pregnancy Advisory Service (BPAS), where an opportunist attacker stole sensitive information about couples and their pregnancy issues. The charity did not even know they had all this personal information and were fined £250,000 by the ICO.
We believe every charity desperately requires access to talented and skilled professionals like yourself. Why? Often charities either do not have the financial resources and the wherewithal to afford the wide range of professionals required to protect this treasure trove of personal data.
Join the cause now before another charity falls victim to a cyber dacoit who compromises them and their cause.”
The campaign, which has been in development for some time, finally received its official launch at IP EXPO on Wednesday 8 October.
In a keynote speech at ExCeL London, Mr Singh and our own CEO, Brian Honan, gave an introduction to the initiative with a talk entitled “Preventing the Lethal Breach: The initiative supporting Charities in Cyberspace.”
The pair outlined some of the issues faced by UK charities, which are subject to the same data handling regulations as companies, as well as fines of the same magnitude when things go wrong.
Highlighting the case of the British Pregnancy Advisory Service, which was fined £200,000 by the Information Commissioner’s Office (ICO) following a March 2014 breach, Mr Singh explained that the damage such a fine could do to a non-profit-making organisation could be catastrophic.
At the time of that incident, David Smith, the Deputy Commissioner and Director of Data Protection at the ICO, touched upon the challenges faced by charities when he said:
“The British Pregnancy Advice Service didn’t realise their website was storing this information, didn’t realise how long it was being retained for and didn’t realise the website wasn’t being kept sufficiently secure.”
But of course, as Smith himself said, “ignorance is no excuse.”
That’s where the Give01Day campaign comes in – its mission is to support rather than merely help charities which may be lacking the required budget, experience or expertise in the field of information security.
Following the keynote, the official launch later continued with key advisory board members Sarah Clarke, CISO at Aviva, and Neira Jones, Independent Advisor, both highlighting how the people element is key in protecting not only charities but businesses too.
Neira noted that the well-known breach at US retailer Target could ultimately be put down to human error rather than anything technical, because the incursion began at a third-party refrigeration company, which underlines the need for security awareness.
Sarah continued the theme with a series of slides which reinforced her own point that people are the weak link in the security chain, using one slide to say:
“99% of breaches are made possible by human error, willful or ignorant bypassing of controls and individuals induced (willingly or otherwise) to share access or information that benefits criminals.”
Given that people are so often the weak link in the security chain, charities in particular could benefit from basic training and exposure to security awareness, both of which could be provided even by security pros who have very little time to offer.
Also in attendance at the afternoon sessions was Mark Green, Chief Information Security Officer at Cancer Research UK, who explained how charities can be harmed not only by fines when things go wrong, but also by reputational damage, saying that philanthropic donations can go elsewhere very quickly following bad press.
Given how many data breaches we are hearing about lately, with Kmart and Dairy Queen both being in the news in the last few days, Mark’s point shows why charities are especially vulnerable and why they need help from security practitioners who can offer a little more in terms of the time they can commit to really securing such noble operations.
With the help of an advisory board that also includes Edward Tucker, Head of Cyber Security at HMRC, David West of Miller West consulting, Brian Honan, Jason Waterman and Jason Shankaradasan of Badenoch & Clark, Give01Day plans to match charities with suitably skilled security professionals who have pledged to give up their time to help solve specific cyber issues.
Aided by media partners on the advisory board, including Twist&Shout’s Jim Shields and Eskenzi’s Neil Stinchcombe, as well as Information Security Buzz, the campaign has already seen over 100 professionals commit their support.
If you feel that you can pledge some time to help support UK charities, which hold data on 3 in 4 people, you can sign up to Give01Day at http://www.giveaday.co.uk.