Charities are often highly reliant on their people, and people are likely to be your biggest risk, but more of that later. In the meantime, it’s become imperative to find out who’s taking the lead on cyber security. It might be that you have a chief information security officer, or an IT guy, or a risk manager, or maybe a data protection officer. But the glib answer is that everyone is responsible for information security and it’s up to the board to know the answers to some basic questions.
Start simply by assessing the value of your information assets and look at what you should be protecting. From their inception charities have relied on supporters, donors, philanthropists, even government funding, and it’s unlikely that charities would have the money to continue to fulfil their charitable objects if the personal information about their supporters or their beneficiaries were to be hacked, leaked and generally abused by cybercriminals.
Charities are often cash rich. They’re good at shaking collecting tins to garner loose change and very good at taking online payment card donations in return for not much more than a warm fuzzy feeling. The bad guys know this and aren’t averse to skimming off a percentage of the take by spamming a generous public with phishing emails purporting to be from charities. Any charity. Even yours. And to add insult to injury, they’re not averse to setting up bogus websites in the wake of tragedies to rake off well-intentioned donations from an unsuspecting and trusting public. If your supporters get taken for a ride by believing they’re donating to your cause, they might think twice when you ask them for real.