Guest Blog: How do you eat a cyber elephant? One bite at a time…
Alison Stone, Third Sector Cyber Resilience Co-ordinator, Scottish Business Resilience Centre talks all things cyber, including new ACOSVO cyber initiatives.
National restrictions may be receding, but many of the effects of the global pandemic will live on including the huge expansion and acceptance of remote working. However, despite us being 18 months into this new way of working, we are seeing a steady increase in the number of charities and voluntary organisations impacted by some level of security challenge.
Recent research by the UK Government found that businesses (84%) and charities (80%) said COVID-19 made no change to the importance they place on cyber security. This concerns me on several levels – not just because the National Cyber Security Centre (NCSC) reported a rise in cyber incidents during the pandemic. This is a stark reminder that when it comes to cyber security, the best place to start is with the basics.
Undertaking some simple measures to improve your IT network security and undertaking some training and awareness for staff and volunteers is a good place to start. And never fear – a lot of this isn’t as costly or as complicated as you think it might be. It’s just knowing where to start. So, how about I give you a few starters for 10?
Protect the gateway to your data
Password protection is an aspect that can be easily underestimated. Data from Google shows that 52% of people use the same passwords for multiple accounts, and a staggering 13% use the same password for all of their accounts, which reinforces that educating people about the folly of doing this remains a priority. Organisations need to stress to their teams the importance of maintaining a secure password policy and advise on avoiding suspicious links and downloads. Consider using a Password Manager to stop that password overload. Oh, and don’t forget that three random words is the name of the game these days!
Update your software
The few minutes it takes to install a software or application update could save you lots of time in the long run by reducing your risk of a cyber-attack. Software updates released by developers often include improvements to security bugs and patches for cyber security systems, in turn improving the protection of your data. Installing updates promptly (rather than ignoring the pop-ups) makes it more difficult for cyber criminals to exploit your computer systems.
Educate yourself and your team
Training is an important tool in your armoury when combating cyber-crime. There are an abundance of free training webinars open to the third sector at the moment. Join one of the sessions offered by The Curve, go along to the LeadScotland webinar series or take it at your own pace by using the NCSC e-learning platform.