In May this year, the WannaCry ransomware dominated global headlines bringing the reality of cyber-crime to the attention of Boardrooms on an unprecedented scale. With extensive data, including the Crime Survey for England and Wales, showing an upward trend in cyber-crime, it is highly unlikely that WannaCry will be the last cyber-crime headlines we’ll see.
As press coverage predominantly focuses on household names, it is easy to think these 21stCentury cyber-threats only affect large businesses. Sadly, this is not the case as all too many SMEs can testify.
Charities are particularly vulnerable. Through holding the personal information of donors and benefactors, the cyber-criminal finds the third sector an attractive target for reasons other than fraudulently accessing their financial assets. In August, the Department for Culture, Media and Sport published their research on registered charities awareness and experiences of cyber-crime. The aim of the research is to inform Government as how they can develop support for the charitable sector to help make them safer online and help protect the important data charities hold.
Addressing resilience within charitable organisations can be a challenge. Many remain blissfully, yet dangerously, unaware that they are potential victims of a crime which can have devastating consequences. For others, finding the necessary resource and knowledge to implement appropriate protections can prove difficult for trustees or Chief Executives.
The IASME Consortium, a leading Accreditation Body for the government backed Cyber Essentials certification scheme, is launching a week-long campaign aimed at encouraging registered charities to improve their resilience to on-line threats. Together with participating licensed partners, The IASME Consortium is offering discounted certifications on schemes which demonstrate charities have effective and recognised best practice and protections in place. IASME’s support for the third sector has been timed to coincide with ‘Cyber Resilience Week’ which runs from 11-15 September 2017.
The IASME Consortium package includes the widely recognised and supported Cyber Essentials scheme. This scheme assesses against the implementation of simple controls in five simple technical areas. Its effectiveness means Cyber Essentials is already a pre-requisite for many government and private sector tenders.
The 5 technical controls are anti-malware, access control, patching, secure configuration and firewalls. These are the five key areas identified as those which, had controls been in place, would have prevented the majority of internet born attacks over recent years.
IASME will also be offering its own award winning governance standard as part of the promotion. IASME Governance, which includes a Cyber Essentials assessment and an optional GDPR readiness check, is an information security management standard which is more practical for SMEs than the traditional ISO27001. Taken simultaneously with Cyber Essentials, IASME governance covers additional protections such as physical security, data back-ups and staff awareness.
Dr Emma Philpott, Chief Executive of The IASME Consortium stated, “Charities work tirelessly to secure donations for fantastic causes. Having the right safeguards against unscrupulous cyber activity can help protect the donations and also any sensitive information such a charity might hold. The security of personal data, of both donors and benefactors, will become even more significant when considering the enhanced data protection laws which come into force from May next year.”
The IASME Consortium trains and licenses a network of certification bodies including Capital Network Solutions based in Barry. Karl Greenfield, Head of Cyber Security on behalf of CNS, stated, “We had no hesitation in participating in this campaign. Charities do so much to help society and CNS want to help ensure that every available penny goes to where it can make a real difference.”