"Do you think cyber security is a risk for charities?" This wasn’t an idle question over coffee. It was posed by the chair of the risk management committee at a prominent charity. The answer, of course, should be a resounding "yes", and recent high-profile events should serve only to underline the fact that information security, or cyber security as it’s recently become more widely known, should be high on the agenda for all charity trustees, chief executives and board members. After all, it’s their ultimate responsibility to keep information safe.
To underline the fact that the third sector is as much at risk from cyber attacks as any other sector, the Charity Commission recently issued an alert containing regulatory advice under section 15(2) of the Charities Act 2011. This came after the WannaCry ransomware attack that crippled many organisations worldwide and, notably, large parts of the NHS in the UK.
In a recent conversation, "Malwaretech", the man who stopped the WannaCry ransomware attack dead in its tracks, said: "I was just doing my job." Being as diligent as him at "just doing the job" will go a long way towards ensuring that the information your charity is entrusted with remains safe and secure.
Of the many organisations that were affected by this incident, most fell foul of the attack because they were using unsupported or unpatched operating systems, and no doubt found themselves in that predicament because of under-investment in cyber security basics. And we’re not just talking money here. Patch, update and protect is a simple mantra for IT folks to follow, but is often ignored until "business as usual" comes to a grinding halt when the information systems fail.