Charity law is changing. Click here to find out how the changes will affect your charity.

Five tips to improve your charity’s cyber safety and security

26 Feb 2024

This week is CyberScotland Week (26 February – 3 March 2024), which aims to raise awareness of important cyber security issues facing organisations across Scotland. SCVO’s Cyber Resilience Co-ordinator Alison Brogan has shared her top tips to help charities become more cyber safe and secure.

In this article, which first appeared in TFN Magazine, she explains what charities (particularly small organisations with tight budgets and limited technical expertise) can do to become more cyber resilient.

Organisations of every size have become very dependent on digital tools and platforms – to communicate, to collaborate, and to store vital data. And more and more charities are being targeted by cyber criminals, with The Richmond Fellowship being hit in the past month.

There’s a lot of technical language around cyber, and it can feel daunting. But here are five key steps that don’t require any additional budget, but will help you make meaningful progress in securing your digital systems against cyber attacks.

Start small, big impact

For the smallest organisations, The National Cyber Security Centre highlights five key actions. These are simple, practical steps which will improve your cyber security:

  • backing up your data
  • keeping mobiles and laptops safe
  • preventing malware
  • avoiding phishing attacks
  • using strong passwords.

You can find the guide on their website: Small Charity Guide.

Redo your ‘digital duct tape’

During the pandemic, lots of organisations rolled out new digital tools at speed, simply in order to keep running. This was the right thing to do during a crisis. But it means that there’s lots of ‘digital duct tape’ left over. Now is the time to go through services and tools that you are still using, and make sure that you have all the key security features switched on. And if you find services which are no longer active or in use, make sure you remove any data stored there and cancel any subscriptions that are no longer needed.

Make space on the agenda for cyber

Get your board thinking about cyber risk – in a structured way. Your board members should be asking questions about cyber risk, as part of your overall business risk. One useful framework to help with this is the National Cyber Security Centre’s Board Toolkit. This is a comprehensive set of resources to help you brief your board on the nature of cyber risks, and their responsibilities in ensuring that these risks are well managed.

Get your staff switched on

Your staff team are using IT systems, day in and day out. If you give them the right awareness and basic training, they’ll be able to spot cyber risks and take the appropriate action. There are lots of entry-level training options out there. The National Cyber Security Centre has a free e-learning module which you can even embed into your own training materials.

Preparation is key

You can reduce a lot of the stress and risk of a cyber attack by having an incident response plan prepared in advance. At its most basic, this could be a printed list of key contacts, and fallback plans for your key services that need to be restored most urgently. The CyberScotland Partnership has a free resource pack on developing your incident response plan, including checklists and templates.

You can find more cyber resilience guidance and resources on SCVO’s website.

This article first appeared in the February 2024 issue of TFN Magazine (p26).