Becoming more Cyber Resilient
Is your organisation talking about cyber resilience? Do you know what it is and what it means for you?
With 40% of charities rating their skills in cyber security as ‘low’ or ‘very low’ we’re aware that third sector organisations often lack the knowledge to discuss and assess cyber threats properly. Additionally, for many Scottish charities cyber resilience is not discussed at a senior level or featured on organisational risk registers.
Being “cyber resilient” is both the prevention of cyber breaches and also making sure that if a breach occurs that you are able to respond without losing business continuity. A cyber breach isn’t necessarily a ‘hack’, but it is any incident in which data is lost or stolen, including; accidental loss of files or hardware, social engineering, phishing or more targeted attacks. The types of data could include financial data, security data or personal data – such as your customer’s contact details.
Kyle Usher, Digital Change Manager, SCVO
We are working with Scottish charities to build commitment from third sector leaders to assess and improve their cyber resilience and to test the ability of third sector organisations to achieve Cyber Essentials accreditation through a small scale ‘grants’ programme of up to £1500.
The National Cyber Security Centre has produced the following resources to help charities
- Cyber Security: Small Charity Guide (Infographic Summary)
A summary of low cost, simple techniques that can improve cyber security within your charity or voluntary organisation.
- Cyber Security: Small Charity Guide (PDF Download)
How to improve cyber security within your charity – quickly, easily and at low cost.
- Cyber Threat Assessment: UK Charity Sector
A report from the NCSC that outlines the cyber threat that charities of all sizes now face.
If you are interested in becoming more cyber resilient and want to discuss this with the One Digital team, please contact us at firstname.lastname@example.org
Note: the SCVO Cyber Essential Grants are now closed. But you can still get Cyber Essentials accreditation.
What is Cyber Essentials and why should I have it?
The Cyber Essentials Scheme is a Government backed standard in cyber security enabling businesses to demonstrate that they both understand and address cyber risks. As part of the implementation of the Scottish Government’s Cyber Resilience Strategy, cyber accreditation may become a part of procurement conditions in the future. Obtaining Cyber Essentials Accreditation will enable your organisation to understand the most common cyber security risks and take action to avoid them.
How do I get Cyber Essentials?
You must apply through a ‘certification body’ to achieve Cyber Essentials accreditation. The process involves a self-assessment questionnaire (which your IT support will need to complete) and external remote testing of your systems. The cost for accreditation is around £300, although your IT supplier may charge you for completing the self-assessment and/or putting in place recommended measures to achieve accreditation. The Scottish Business Resilience Centre provide a list of their trusted partners who can provide accreditation.