Charities in Ireland face an increase in cybersecurity threats. Cybercrime incidents are increasing, and no-one is immune. Criminals have the means and the opportunity to target organisations for extortion, financial gain, or to steal valuable data. As the rate of attacks rises, so too are the costs to recover. As well as financial losses, a security incident could harm their reputation or set back their ability to deliver services.
Charities also face the challenge of complying with the forthcoming EU General Data Protection Regulation (GDPR). That is why BH Consulting has prepared this free guide to better security. Suitable for large and small charitable and non-profit groups, it contains 10 high-level, practical steps to address their most important security concerns and protect valuable data.
1. Audit your information
Understand what information you store, and where you store it.
2. Define your organisational risk
This lets you prioritise what’s most important and protect it on that basis.
3. Think data, not devices
Build a plan that focuses on protecting information no matter what IT hardware it’s on. Use encryption to ensure your most important data is safe.
4. Back up data
Make regular copies of your information – ideally several times daily – and store it in a separate location.
5. Install security software
Protect your laptops, smartphones, tablets and servers with continually updated anti-malware software on every device.
6. Implement a firewall
This critical protection system guards against many common security threats – but it’s just one part of a good defence, not the only solution.
7. Patch regularly
Most attacks target existing weaknesses. Keep all IT hardware and software up to date – especially anti-malware and firewall but also operating systems and apps.
8. Use strong passwords
Choosing a strong passphrase once is better than changing a bad one every 90 days. Use a password manager and enable two-factor authentication for important user accounts.
9. Conduct staff training
Awareness training for all staff keeps security top of everyone’s minds. Repeat regularly to foster positive security behaviour and culture, and include everyone in the organisation.
10. Manage user accounts
Configure your systems to prevent staff from accessing information if they don’t need it to do their work.
A charity’s information is valuable to criminals. More importantly, its donors and stakeholders have entrusted their data to it. That is why it is so important to protect this information. The 10 steps listed above are the first stage in improving protection controls. We also recommend that charities should prepare an incident response plan which they can implement if a data breach occurs.
More guidance is available from these resources:
Cyber Security: Small Business Guide
Data security guidance from the Office of the Data Protection Commissioner
Guidelines on how to respond to security breaches