If your knowledge of computing is somewhat limited, the technical terms can seem like a lot to get your head around. When faced with jargon such as firewalling, tailoring software settings, configuration, watertight password policy, and two-factor authentication, it can be easy to think that computers aren’t your thing.
However, building a cyber security toolkit is more straightforward than it seems. There’s a wealth of expertise out there to help you integrate the technical aspects of cyber security into your charity’s overall strategy.
So, how do you ensure that you have the relevant expertise in place? One option is to recruit external expertise. Or, if timescales are less of an issue, you could also consider training up existing staff or hiring graduate talent with the potential to excel in your IT team.
Once you have built a strong technical foundation, your board and experts can work together to build a toolkit that takes all of your activities and goals into account.
A good starting point in developing a robust cyber security strategy is building an understanding and awareness of existing cyber threats. From there, you can look at cyber security in the context of your organisation by considering the activities that put your business at risk from cyber fraud and deciding which systems are the most important to protect.
Part of the process may involve weighing up a potential protection measure against a conflicting operational policy that’s being considered by another part of the organisation. The National Cyber Security Centre says that if you are keen to drive flexible working by allowing employees to bring in their own computer devices, for example, any decision should assess the increased risk associated with having less control over some of the devices that are connected to your networks.
When you have established a base level of cyber protection, you can update the rest of your organisation. Educating stakeholders and letting people know their specific responsibilities within your cyber security framework provides opportunities to discuss any areas for improvement. It will also help you develop an ongoing system to monitor and update your cyber protection strategy.
"Tackling cyber crime as an organisational threat not only means having the right upfront security and staff training, but also ensuring there is adequate insurance and an incident response plan in place," says Liam Greene, professional and management risks manager at Markel UK. "Access to IT forensics, as well as legal and PR expertise, can be funded via a specialist cyber risks insurance policy, along with liability for claims made against your organisation."
According to the Association of British Insurers, specialist cyber policies are becoming increasingly popular among organisations that hold people’s personal and banking information, process card details, and conduct much of their operations online – factors which are of particular relevance to the charity sector.
Insurers such as Markel provide other benefits to help you bolster your defences and respond to breaches, including dedicated support teams offering expert legal and technical advice.
So, although there is a lot to consider when it comes to cyber security, with appropriate support you can confidently build the toolkit that’s right for your organisation.