Why Prioritising A Cyber Security Health Check Is Worth It

We take a look at how increased digital working, the risk of cyber security breaches and the need for greater confidence in approaches to cyber security are impacting charities.

Increase In Digital Working

The accelerated digitisation experienced by the charity sector over the past few years has been embraced not only in the UK but across Europe, and looks set to stay. The digital transformation of charity working practices is becoming increasingly necessary, and Charity Digital have highlighted in The future of digital transformation that digitisation can benefit charities as part of:

Raising greater funds

Providing better services

Increasing trust and transparency

Improving in-house efficiency

Cyber Security

With this sharp increase in digital practices comes an increased need to strengthen cyber security knowledge, understanding and processes within the sector. It’s important to be aware that cyber security breaches pose a serious threat to charities. The Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2021 found that a quarter of charities (26%) reported having cyber security breaches or attacks in the last 12 months, of which 18% led to a loss of money, data or other assets.

Do Charities See This As A Key Priority?

Charity Digital teamed up with The National Cyber Security Centre (NCSC) to produce The state of cyber security in the UK charity sector report, in which they point out that charities have always been at particular risk from cyber threats because of the wealth of data they hold. The report found that nearly all charities (98%) said cyber security was either ‘important’ or ‘very important’ to them, but that charities ‘did not rate their capabilities at the same level, due to uncertainty, lack of strategy, and, in smaller charities, a lack of confidence in their approach’. If this is something you can relate to, The Cyber Security: Small Charity Guide is an excellent place to begin, and there are further training options and resources from The NCSC that we recommend here.

Cyber Security Health Check

We’ve put together a 3-step cyber security health check which takes very little time but can improve your cyber security significantly.

1. Require that Lamplight System Administrators add two-factor authentication to their Lamplight accounts

Two-factor authentication significantly improves the security of your accounts.

In Lamplight go to Admin > System Administration > Enable two-factor authentication and (re)generate secret.

Also consider adding two-factor authentication to your email (think about how many password resets go to your email).

2. Create A Password Policy

A password policy enforces the length and/or complexity of your passwords. If you already have a policy for passwords in your organisation, you should be able to implement it in Lamplight. If not, then ‘three random words’ or a password manager are good advice. Go for a ‘minimum length’ password policy to make sure that passwords are at least 12 characters long. You can see how strong a password is depending on the number and combination of characters you include.

3. Review current operators

Check that the people who have logins to your Lamplight system are the people that should have access to your system. We’ve put together further detail on the importance of reviewing your Lamplight operators regularly.

What Next?

Having cyber security as an ongoing focus for the whole team is worthwhile, and utilising high-quality resources such as those put together by the Lloyds Bank Foundation in partnership with the Lloyds Banking Group’s Chief Security Office helps to make this achievable. Having somebody on your team follow @NCSC on Twitter can also help you to stay up to date with cyber security information as it develops.

It’s important to know too that, of all the cyber security breaches reported by charities, phishing attacks are the most common by far (79%). Why not share this useful infographic from the NCSC as a great starting point for supporting your whole team? It includes tips about how to spot the most obvious signs of phishing as well as advice on what to do if you think you’ve already clicked a bad link.

Opening up the conversation about cyber security and sharing knowledge regularly with your team can mean that, although cyber attacks are not 100% avoidable, your team can feel better protected against them and better prepared for them.