What Are The Risks?
No matter the size of your organisation or the sector you work in, it's safe to say that we're all living in an ever more digital world. We're consuming huge amounts of data and storing very large amounts too, both in business and domestically.
Third Sector organisations are no different when it comes to storing, processing and consuming data, but this is often tempered by a lack of Cyber Security knowledge. Add to this the lack of a robust Cyber Security Protection and Mitigation Plan, or of a meaningful Cyber Security Data Disaster Recovery Action Plan, should a data breach or attack happen.
If you haven't already, read through IS Know How's ICO - Data Security Incident Trends page, where you will see some of the very latest Third Sector specific Data Protection Act failures, which can often be caused by Data Breaches too.
Inside the Mind of a Hacker
Do you know the current or past average for how long a data breach tends to go undetected?
“According to the just released report by Mandiant, the median number of days that attackers were present on a victim’s network before being discovered, dropped to 146 days [Just over 5 months] in 2015 from 205 days in 2014 — a trend that shows positive improvement since measuring 416 days back in 2012. However, breaches still often go undetected for years, Mandiant reminded.”
With the above in mind, whilst the statistics are showing a reduction - humanity must not take its foot off the accelerator, as Cyber Criminals WILL NOT simply begin reducing their attempts to access your data and network(s).
Therefore, I’m sure that you can start to imagine what kind of fun cyber criminals can have on systems and networks that they have access to, or even control of, for 146 days… simply mind-blowing!
The Risks Are Incredibly Real - Don't Let Fear Rule Your Data Security
If you take the above statistics for the average time that it takes for a data breach to be found, you ought to be asking yourselves the following:
Do you know where your Critical and Valuable Data is located?
Who Controls it?
Who has Access to it?
Donation Records, which will often include Financial Data and Sensitive Client Data including Personal Details, need to be fully respected when it comes to Cyber / Data Security.
Things To Consider
Now is the time to realise that you have to do more to protect your clients and stakeholders and ultimately your own organisation and its future.
Did you know that there's a larger 'Internal Threat' than most people in your Third Sector Organisation would credit? It's not just the external threat that is so often in the media; we all face this risk now.
The majority of Cyber Security Breaches are not down to poor firewall systems or lax security systems (although these wouldn't help) but are as a result of human error within organisations.
Risks are not just digital but also include information obtained offline to commit cyber fraud. This is often carried out via Social Engineering and Phishing Scams by email, amongst others.
Due to the above it is, unfortunately, a very trying time to be running a Charity or Not-for-Profit in the UK.
Attempting to strike the right balance, harnessing the positive aspects of digital technology while mitigating the negative aspects at the same time, not to mention locating affordable solutions that do not reduce their effectiveness, can be challenging.
IS Know How believe they are positioned perfectly to deliver this.