Cyber security.

Maybe that term conjures up an image in your mind of a hacker in a hoodie attempting to break into government systems, just like we see in films.

However, the reality is that cyber crime is big business, perpetrated by organised crime groups, nation states and individuals – for money and for mischief.

Attacks can be incredibly sophisticated or comically obvious (“You’ve just won $36m on the Australasian lottery – please send us your bank details!”). They can be random, targeted or result in collateral damage.

The third sector faces the same risks of operating in a digital world as everyone else. In a recent survey, the National Cyber Security Centre (NCSC) found that 62% of charities identified cyber security breaches or attacks in the past year. The average cost was £1,460, but the stakes can be much higher. Highland Hospice lost around £500k last year through a targeted attack.

At SCVO, we recognise that we’ve got an important role to play in supporting Scotland’s third sector to understand cyber threats and take steps to protect themselves. We have therefore been working with the Scottish Government and other organisations to develop a Third Sector Action Plan which sets out actions we will collectively take to help build digital confidence and cyber resilience.

Over the next few months, alongside the Scottish Government and the NCSC, we’ll be working with other ‘catalyst’ organisations from the sector to develop and implement practical solutions to key challenges.

The Scottish Government will also be making small grants available to organisations to achieve Cyber Essentials accreditation, building on the lessons from a similar scheme we managed last year.

But what action should you take now to protect yourself?

From a technical perspective, you should always:

  1. Keep your organisation’s software patches up to date
  2. Use proper antivirus software
  3. Back up the data that matters to you

However, the NCSC also notes in a charity threat assessment that the culture of trust in the sector makes people in third sector organisations particularly vulnerable to criminality. It’s therefore worthwhile:

  • Building the Essential Digital Skills of all staff, trustees and volunteers – paying particular attention to ensuring people know how to spot scams.
  • Ensuring people making payments are extremely careful when sending money to new people or organisations – even when the request appears to be legitimate (some of the largest losses have arisen from fraudulent CEO emails saying an urgent payment needs to be made).

If you want to take the next step in exploring how to maximise the opportunities provided by digital, as well as minimise the risks, why not take our free Digital Check-up?