Cyber War – Is your charity prepared?

Make no mistake, we are witnessing unprecedented times. In our lifetime, we have never faced the aspects of war that we do today. None of us want to be the weak link against the global cybercrime syndicates, so immediate action is required to protect your organisation. Whether attacks are against charities, SME’s or our core infrastructure systems such as energy, healthcare, or even the internet itself, we should expect the unexpected. Cyber-attacks could render key services unusable so, in the face of these threats, cybersecurity can no longer be an afterthought. It may sound dramatic, but cybersecurity is about basic survival, and it has never been more important, in light of the escalating Russia-Ukraine conflict.

In the past we have written tech blogs providing tips on how charities can tighten up security and these are still relevant, but it is always a good idea to review security measures in the ever-evolving world of technology and cybercrime.

The NCSC isn’t aware of any specific threats to UK organisations in relation to events in the Ukraine however, there has been an historical pattern of cyber-attacks on Ukraine with international consequences. It’s vital to improve resilience and the following steps will help you avoid cyber catastrophe.

1. Updating all software, security patching. Are you up to date? Is your current IT provider offering proactive support? Visit charity tech support
2. Verifying access controls – locking down your network and reviewing access rights (internal access and external). When was the last time you reviewed who has access to your network and files?
3. Make sure your defences are working – Cyber resilience testing. Consider cyber essentials audit/certification. Visit CE & CE+
4. Reviewing your back-ups. What is being backed up, where is it being backed up and how often and have these back-ups been tested?
5. Cyber Insurance – In the event of a breach are you covered against potential fines? Like any insurance policy, it is a good idea to get at least two quotes. Try Hiscox and Third Sector Protect
6. Mobile device management. Do not forget to consider all devices used for work purposes. Protect them. Visit MaaS360 MDM
7. Education (No click policy) – Remind staff never to click on any links contained within emails or sent to mobile devices. Always check the sender’s email address and if you are unsure, call the sender to verify. Ongoing security awareness training is a great way to keep staff on their toes and provide training. Visit SAT Training

There are many other steps that charities can take to boost your charity’s defences. The NCSC’s free Early Warning tool can alert you if there are signs of a vulnerability or of a potential cyber-attack. They also have other tools to help charities make simple changes in the NCSC’s Small Charity Guide

We do hope these tips have been useful but if you would like to discuss security or anything tech) in more detail then please contact Chris Austin directly on 0203 828 0427 or email chris.austin@spirituk.com. In addition to proactive technical support, we offer cyber security awareness training and have helped many charities achieve cyber essentials and CE+. 

***Please help us, help others and share with your network***

Author: Chris Austin 16 March 2022