- Find out who’s taking the lead on information security
- Make information security part or all of someone’s job
- Assess and value the information assets you hold
- Check for online donations and phishing emails in the name of your charity
- Ensure applications are written with demonstrable security
- Patch and update all software as part of business as usual
- Protect your public website against hacks and patch vulnerabilities
- Check backups as a last line of defence against malware
- Regularly audit user accounts
- Minimise user and admin account privileges
- Ensure strong passwords are enforced for all users
- Use two-factor authentication for remote access
- Provide IT and information security education
- Write and review straightforward policies
- Keep personal devices away from corporate data
- Ensure data in the cloud is secure and recoverable
- Make sure that cyber security is on your risk agenda

Further information
National Cyber Security Centre
NCSC Cyber Essentials Requirements
IT Induction and Information Security Awareness
Open Web Application Security Project
Information Commissioner’s Office
Information Commissioner’s Office GDPR
Read next: 9 About the author - Martyn Croft