If charities know they need a cybersecurity plan, why do so few have one? » Charity Digital News

If charities know they need a cybersecurity plan, why do so few have one?

Eve Josephs, UK Responsibility Manager at Microsoft, has written an interesting guest post asking why, if charities know they need a cybersecurity plan, so few have one?

Writing for the Digital Leaders website to coincide with Cyber Resilience Week (11-15 September), Eve asks whether, despite that fact that there are more digital threats today than ever, more needs to be done to help the wider charity workforce understand the need to invest in it and if charities really understand the help that’s available?

“Although it can take significant time for an organisation to improve its capacity to respond to cybersecurity challenges, existing resources can help – for example the Government’s Cyber Essentials Scheme,” she says. “There is no charity-specific standard for cybersecurity; charities are expected to use the same, well-established, risk-based approach to cybersecurity management that other organisations use.”

The post goes on to look at common vulnerability trends – two of which are ransomware and data breaches, and then looks at ways to tackle organisational awareness.

“One of the most significant challenges that data protection law poses to charities is around broader organisational awareness of how data is managed,” Eve says. “For instance, how many databases do you have containing donors’ personal information? Where is this stored? Do your volunteers or employees share sensitive data on USB sticks?”

A few basic steps charities can take to protect themselves from cybercrime are then detailed, before more is mentioned about the resources available, including Microsoft’s Nonprofit Guidelines for Cybersecurity and Privacy white paper.

Related reading