The Threat Facing Charities and Social Enterprises

The 'How Prepared is the Third Sector to Secure their Information' survey, conducted by IS Know How, found that 74% of respondents stated that their third sector organisation wouldn't know if it suffered a data security breach. It also found that 83% of respondents said that their charity does not utilise a strong password policy, and yet 68% of those responding to the survey claimed that they are aware of the gravity and effect that a data security breach would likely have on their organisation, including the resulting reputational damage.

IS Know How's CEO & Founder, Robert Stones, believes that:

"Third Sector organisations are the next proving ground for many threat actors, due to the type and depth of data that they process and maintain. Add to this the often unique personnel, legal and financial structure for most organisations; they are unfortunately often a very soft target. Therefore, the sector deserves to have the very same best of breed Data and Cyber Security resources at its disposal, that have been completely tailored to their various needs - including as sector-wide affordability throughout and affording the ability to mitigate the many threats."

The fines that can be levied by the Information Commissioner’s Office (ICO) on third sector organisations that fail to comply with the protection of data are currently set at £500,000 per infringement, but under the EU General Data Protection Regulation (GDPR), which is due to be enforced from 25 May 2018, these fines could be far higher and involve a much longer lasting impact.

How Cyber Essentials certification can help Charities and Social Enterprises protect data

Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations within the third sector. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of common cyber attacks. These five controls are:

Secure Configuration

Boundary Firewalls & Internet Gateways

Access Control

Patch Management

Malware Protection

There are Two Levels of Certification.

There are two levels of Cyber Essentials certification available to your organisation: Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials

The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) around the adoption of the five controls, as well as an external vulnerability scan of the externally facing IP addresses. The external vulnerability scan provides independent verification of your cyber security status and is only offered as part of a CREST-accredited Cyber Essentials certification.

Cyber Essentials Plus

The Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification and adds a technical review of the organisation’s workstations and an on-site assessment. Cyber Essentials Plus is a more thorough assessment of the organisation and, as a result, may provide greater security assurance.

Why IS Know How have Partnered with IT Governance to Deliver Cyber Essentials

IT Governance is a leading CREST-accredited certification body that has already awarded hundreds of Cyber Essentials certifications, including certificates to Action for Children, Barnardo's, Core Assets Children’s Services Limited and The Poppy Factory.

This partnership allows Charities and Social Enterprises to conduct the entire certification process online at an incredibly competitive price. The partnership also provides a choice of packaged solutions designed to help organisations of varying levels of experience and expertise through the scheme.

Benefits of Becoming Cyber Essentials / Plus Certified?

With Cyber Essentials you can focus on your core business objectives, knowing that you’re protected from the vast majority of common cyber attacks. You will also be able to drive business efficiency, save money and improve productivity by streamlining processes.

Achieving certification will also help you to address other compliance requirements such as the EU General Data Protection Regulation.

Demonstrate Security

Demonstrate to clients, insurers, investors and other interested parties that you have taken the precautions necessary to reduce cyber risks. 

Increase Opportunities

Be able to bid for UK Government contracts that involve the handling of personal and sensitive information, and increase your chances of securing business within the private sector.

Save Vital Funds

Insurance agencies look favourably on organisations with Cyber Essentials, resulting in lower insurance premiums.