The Threat Facing Charities and Social Enterprises
The 'How Prepared is the Third Sector to Secure their Information' survey, conducted by IS Know How, found that 74% of respondents stated that their third sector organisation wouldn't know if it suffered a data security breach. It also found that 83% of respondents said that their charity does not utilise a strong password policy, and yet 68% of those responding to the survey claimed that they are aware of the gravity and effect that a data security breach would likely have on their organisation, including the resulting reputational damage.
IS Know How's CEO & Founder, Robert Stones, believes that:
"Third Sector organisations are the next proving ground for many threat actors, due to the type and depth of data that they process and maintain. Add to this the often unique personnel, legal and financial structure for most organisations; they are unfortunately often a very soft target. Therefore, the sector deserves to have the very same best of breed Data and Cyber Security resources at its disposal, that has been completely tailored to their various needs - including as sector wide affordability throughout and affording the ability to mitigate the many threats."
The fines that the Information Commissioner’s Office (ICO) can levy on third sector organisations that fail to comply with the protection of data are currently set at £500,000 per infringement, but under the EU General Data Protection Regulation (GDPR), which is due to be enforced from 25 May 2018, these fines could be far higher and have a much longer-lasting impact.
How Cyber Essentials certification can help Charities and Social Enterprises protect data
Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations within the third sector. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of common cyber attacks. These five controls are as depicted below:
Boundary Firewalls & Internet Gateways
There are Two Levels of Certification.
There are two levels of Cyber Essentials certification available to your organisation: Cyber Essentials and Cyber Essentials Plus.
The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) around the adoption of the five controls, as well as an external vulnerability scan of the externally facing IP addresses. The external vulnerability scan provides independent verification of your cyber security status and is only offered as part of a CREST-accredited Cyber Essentials certification.
Cyber Essentials Plus
The Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification and adds a technical review of the organisation’s workstations and an on-site assessment. Cyber Essentials Plus is a more thorough assessment of the organisation and, as a result, may provide greater security assurance.
Why IS Know How have Partnered with IT Governance to Deliver Cyber Essentials
IT Governance is a leading CREST-accredited certification body that has already awarded hundreds of Cyber Essentials certifications, including certificates to Action for Children, Barnardo's, Core Assets Children’s Services Limited and The Poppy Factory.
This partnership allows Charities and Social Enterprises to conduct the entire certification process online at an incredibly competitive price. The partnership also provides a choice of packaged solutions designed to help organisations of varying levels of experience and expertise through the scheme.
Benefits of Becoming Cyber Essentials / Plus Certified
With Cyber Essentials you can focus on your core business objectives, knowing that you’re protected from the vast majority of common cyber attacks. You will also be able to drive business efficiency, save money and improve productivity by streamlining processes.
Achieving certification will also help you to address other compliance requirements such as the EU General Data Protection Regulation.
Demonstrate to clients, insurers, investors and other interested parties that you have taken the precautions necessary to reduce cyber risks.
Be able to bid for UK Government contracts that involve the handling of personal and sensitive information, and increase your chances of securing business within the private sector.
Save Vital Funds
Insurance agencies look favourably on organisations with Cyber Essentials, resulting in lower insurance premiums.