The Threat Facing Charities, Social Enterprises or Micro-Businesses.

Cyber Essentials in the Workplace

The 'How Prepared is the Third Sector to Secure their Information' survey, conducted by IS Know How, found that 74% of respondents stated that their third sector organisation wouldn't know if it suffered a data security breach. It also found that 83% of respondents said that their charity does NOT utilise a strong password policy, and yet 68% of those responding to the survey claimed that they are aware of the gravity and effect that a data security breach would likely have on their organisation, including the resulting reputational damage.

IS Know How's CEO & Founder, Robert Stones, believes that:

Third Sector organisations are the next proving ground for many threat actors, due to the type and depth of data that they process and maintain. Add to this the personnel, legal and financial structure for most organisations; they are unfortunately often a very soft target. Therefore, the sector deserves to have the very same best-of-breed Data and Cyber Security resources at its disposal, that have been tailored to their various needs - including sector-wide affordability throughout and affording the ability to mitigate the many threats going forward beyond the present.

How Cyber Essentials certification can help Charities, Social Enterprises and Micro-Businesses protect data

Penalties for Non-Compliance with the GDPR

On 5 April 2017 the Information Commissioner’s Office (ICO) fined 11 major charities for data protection breaches, including Cancer Research UK, Macmillan Cancer Support and NSPCC. These fines totalled £138,000, but under the GDPR, which became enforceable on 25 May 2018, such fines could be significantly higher.

The ICO said that some of the charities had been fined because they had:

Screened millions of donors so they could target them for additional funds, while others had traced and targeted new or lapsed donors by piecing together personal information obtained from other sources. And some traded personal details with other charities creating a large pool of donor data for sale.

The Regulation mandates considerably tougher penalties than the DPA: organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater. Fines of this scale could very easily lead to business insolvency.

However, the ICO has consistently stated that fines are its last option and that it will prefer to be seen to use a proportionate approach where possible. This is not a cue to treat the GDPR with corporate ignorance and apathy, though, as that is likely to be met with raised eyebrows by the ICO, increasing your chances of monetary penalties.

Data breaches are commonplace and increase in scale and severity every day. As Verizon’s 2016 Data Breach Investigations Report reaffirms, “no locale, industry or organisation is bulletproof when it comes to the compromise of data”, so it is vital that all organisations are aware of their new obligations so that they can prepare accordingly.

The five Cyber Essentials controls: Secure Configuration, Boundary Firewalls & Internet Gateways, Access Control, Patch Management and Malware Protection.

There are Two Levels of Certification.

There are two levels of Cyber Essentials certification available to your organisation: Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials

The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) around the adoption of the five controls, as well as an external vulnerability scan of the externally facing IP addresses. The external vulnerability scan provides independent verification of your cyber security status and is only offered as part of a CREST-accredited Cyber Essentials certification.

Cyber Essentials Plus

The Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification and adds a technical review of the organisation’s workstations and an on-site assessment. Cyber Essentials Plus is a more thorough assessment of the organisation and, as a result, may provide greater security assurance.

Why IS Know How have Partnered with IT Governance to Deliver Cyber Essentials!

IT Governance is a leading CREST-accredited certification body that has awarded hundreds of Cyber Essentials certifications already, including certificates to Action for Children, Barnardos, Core Assets Children’s Services Limited and The Poppy Factory.

This partnership allows Charities, Social Enterprises and Micro-Businesses to conduct the entire certification process online at an incredibly competitive price. The partnership also provides a choice of packaged solutions designed to help organisations of varying levels of experience and expertise through the scheme.

Benefits of Becoming Cyber Essentials / Plus Certified?

With Cyber Essentials you can focus on your core business objectives, knowing that you’re protected from the vast majority of common cyber attacks. You will also be able to drive business efficiency, save money and improve productivity by streamlining processes.

Achieving certification will also help you to address other compliance requirements such as the EU General Data Protection Regulation (GDPR).

Demonstrate Security

Demonstrate to clients, insurers, investors and other interested parties that you have taken the precautions necessary to reduce cyber risks.

Increase Opportunities

Be able to bid for UK Government contracts that involve the handling of personal and sensitive information, and increase your chances of securing business within the private sector.

Save Vital Funds

Insurance agencies look favourably on organisations with Cyber Essentials, resulting in lower insurance premiums.

Managed Cyber Resilience as a Service All-in-One-Security & Cyber Essentials

IS Know How's 'Managed Cyber Resilience as a Service - All-in-One Security' directly assists organisations that need to meet the '5 Key Controls' before applying for Cyber Essentials.

What Next?

We've taken time to extract various aspects of information from the Information Commissioner's Office EU GDPR Guidance. Do make use of it to increase your knowledge and to understand the direction you are likely required to head in regarding this critical matter.

You may also be interested to read the statistics that IS Know How have extrapolated from the ICO's quarterly Data Security Incident Trends, specifically those for 'Charitable & Voluntary', which the ICO provides for "Data security incidents (breaches of the seventh data protection principle and personal data breaches reported under the Privacy and Electronic Communications Regulations)".


IS Know How and its Managed Cyber Resilience Service - All-in-One Security are in no way endorsed by or working with the National Cyber Security Centre.

Where clients wish to secure MCRS for their organisation, ISKH assists with your pre-Cyber Essentials application by helping you meet the '5 Key Controls' that are required as part of any actual application.

ISKH does not imply or guarantee that Cyber Essentials certification will be awarded because you have purchased our MCRS Service when you submit your Cyber Essentials application via your chosen provider of the certification that you are seeking.


We have taken great care to construct the ISKH Services and their Subscription Plans to be as straightforward as possible, whilst furnishing both parties with all relevant information. See how easy it is to begin Mitigating today with Sentinel5.

Select Requirement

Select your chosen Item from the above listings.

Follow Prompts

Follow the On-Screen Prompts to complete your Sign-Up

Login & Choose

Now Login to the IT Governance Website and Choose your Preferred Cyber Essentials Related Service

Purchase & Complete

Purchase and Complete your Preferred Chosen Service(s).

Download & Begin

Download your chosen IT Governance Services Documents / Software to begin Mitigating right away.


Get A

Please complete and submit this 100% No Obligation 'Request a Quote' form, to the best of your or your organisation's ability, so that we can further assist you where needed.

Request FREE 30 Day Trial

Sign-up Now and enable your Third Sector Organisation for a 100% No Obligation 30-Days FREE Trial, to visualise the true benefits of IS Know How's Affordable & Proactive 'Managed Cyber Resilience Service' or 'Sentinel5'.

Speak To An Expert

Not sure what you are looking for? Unsure how IS Know How's services will benefit your Organisation?

If you would like trusted advice from someone who can explain Data & Cyber Security Mitigation in understandable terms, please call us on 02921-679-021.


Need to contact us but time limited, or require IS Know How Services support? If so, Submit a New / Reply to a Ticket on our HelpDesk system here.



Proud Members Of:

IS Know How is a Proud Member of Cyber Exchange
IS Know How is a Proud Core Member of CyberWales & South Wales Cyber Security Cluster
