Are your data security measures good enough?
Nov 13, 2023
David Green

One-in-three charities are the victims of cyber crime

A data security breach in your charity can be very costly. It’s not just the theft of data or money that will hurt, but also damage to your reputation. Then there is the likely hurt caused to your beneficiaries whose data is stolen. If that wasn’t enough, you are quite likely to face a sizeable fine from the Information Commissioner’s Office for failing to protect the security of your data.

 

“But we’re a small local charity,” I hear you say, “so why should we worry about being hacked? Surely the risk of cyber-attack is greater for big organisations?”

 

Unfortunately, it is the small charity that provides the easiest opportunities for cyber criminals. Poor protection, perhaps arising from a lack of cyber awareness and lack of resources, makes a small charity “low hanging fruit” in the mind of the hacker. 

 

No surprise then that cyber-crimes against charities are so common. A survey published by the UK Department for Digital, Culture, Media & Sport found that nearly one in three charities had been the victim of cyber-crime last year, with one in five of these having a negative outcome.

 

But detecting a hack isn’t always that easy, and a hack is often discovered when it’s too late. Indeed, it is believed that the average hacker stays hidden in a network for 140 days before being discovered.

 

So, what can small charities do to protect against cyber criminals? Here are some basic steps:

 

1. Educate and raise awareness: Ensure that all of your team are educated about the risks of cyber-attacks and the importance of data security. This includes training on how to identify phishing emails, use strong passwords, and avoid clicking suspicious links.

 

2. Implement strong security measures: Install firewalls, antivirus software, and other security tools to protect and monitor your network and systems from potential threats. Regularly update these tools to stay protected against the latest vulnerabilities.

 

3. Secure your data: Encrypt sensitive data and regularly back it up to offsite locations or use cloud storage. This will ensure that even if your systems are compromised, you can still recover your data.

 

4. Secure your mobile devices and laptops: Use strong passwords, fingerprint or face recognition; enable location tracking and remote lock and data erasure. Encrypt data where possible. Don’t use insecure public WiFi.

 

5. Use two-factor authentication for accessing sensitive information or systems: This adds an extra layer of security by requiring additional verification, such as a code sent to a mobile device.

 

6. Regularly update software: Keep all software, including operating systems and applications, up to date with the latest security patches. Outdated software can have vulnerabilities that hackers can exploit.

 

7. Restrict physical access to processing operations and IT equipment: Make sure only properly trained team members have access and ensure visitors are properly supervised. Don't leave mobile devices unattended.

 

8. Create a response plan: Develop an incident response plan that outlines the steps to be taken in the event of a data breach or cyber-attack. This will ensure a more effective response. For organisations in Scotland there is an Incident Response Helpline you can call. There is also a page on gov.uk for guidance on reporting incidents in the UK and Channel Islands.

 

9. Regularly assess and review security measures: Conduct regular security assessments and audits to identify any weaknesses or gaps in your security measures. Address these issues promptly to maintain a strong defence against cyber threats.


10. Finally, don't forget your supply chain: Collaborate with suppliers and partners and build data security responsibilities and assurances into your contracts where possible.

 

Remember, data security is everyone’s concern. It requires a collective effort from all in the organisation to ensure the safety of your data. By following these basic steps, small charities can reduce the risk of falling victim to cyber criminals and protect their reputation and beneficiaries.
