Charities in Ireland face an increase in cybersecurity threats. Cybercrime incidents are increasing, and no-one is immune. Criminals have the means and the opportunity to target organisations for extortion, financial gain, or to steal valuable data. As the rate of attacks rises, so too are the costs to recover. As well as financial losses, a security incident could harm their reputation or set back their ability to deliver services.

Charities also face the challenge of complying with the forthcoming EU General Data Protection Regulation (GDPR). That is why BH Consulting has prepared this free guide to better security. Suitable for large and small charitable and non-profit groups, it contains 10 high-level, practical steps to address their most important security concerns and protect valuable data.

1. Audit your information

Understand what information you store, and where you store it.

2. Define your organisational risk

This lets you prioritise what’s most important and protect it on that basis.

3. Think data, not devices

Build a plan that focuses on protecting information no matter what IT hardware it’s on. Use encryption to ensure your most important data is safe.

4. Back up data

Make regular copies of your information – ideally several times daily – and store it in a separate location.

5. Install security software

Protect your laptops, smartphones, tablets and servers with continually updated anti-malware software on every device.

6. Implement a firewall

This critical protection system guards against many common security threats – but it’s just one part of a good defence, not the only solution.

7. Patch regularly

Most attacks target existing weaknesses. Keep all IT hardware and software up to date – especially anti-malware and firewall but also operating systems and apps.

8. Use strong passwords

Choosing a strong passphrase once is better than changing a bad one every 90 days. Use a password manager and enable two-factor authentication for important user accounts.

9. Conduct staff training

Awareness training for all staff keeps security top of everyone’s minds. Repeat regularly to foster positive security behaviour and culture, and include everyone in the organisation.

10. Manage user accounts

Configure your systems to prevent staff from accessing information if they don’t need it to do their work.

A charity’s information is valuable to criminals. More importantly, its donors and stakeholders have entrusted their data to it. That is why it is so important to protect this information. The 10 steps listed above are the first stage in improving protection controls. We also recommend that charities should prepare an incident response plan which they can implement if a data breach occurs.

More guidance is available from these resources:

Cyber Security: Small Business Guide

https://www.ncsc.gov.uk/blog-post/cyber-security-small-business-guide

Data security guidance from the Office of the Data Protection Commissioner

https://www.dataprotection.ie/docs/Data-security-guidance/1091.htm

Guidelines on how to respond to security breaches

https://cert.societegenerale.com/en/publications.html

 

 

 

About the Author: admin

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.

Name*