The last 12 months have seen the world go through an unprecedented period, and many charities have adapted to staff working remotely during the various Covid-19 enforced lockdowns.
If you are a trustee, what can you do to ensure your charity is protected?
The best solution is to ensure the controls remain robust, and that any changes that have to be made to accommodate different working practices are as risk-free as possible.
General key procedures include:
- regularly backing up data and restricting the devices that are used to access the data
- the use of firewalls and antivirus software
- use of strong passwords; and
- ensuring staff have adequate training so that they check emails are from genuine senders and understand the risks of using public Wi-Fi.
If you have not read it, I recommend you take some time to digest the National Cyber Security Centre's “10 Steps to Cyber Security”. This poses a number of key questions around the following topics, summarised here:
- Home and mobile working – in particular emphasising the need for a clear policy
- User education and awareness – covering policies, training and reporting
- Incident management – do you have appropriate incident response and disaster recovery capability?
- Information risk management regime – how is risk managed?
- Managing user privileges – the processes around access and how this is monitored
- Removable media controls – the use of all removable media such as CDs, flash drives, mobile phones, wireless printers
- Monitoring – of IT systems and networks
- Secure configuration
- Malware protection – are appropriate defences in place?
- Network security – the general management process to ensure security controls are monitored and tested.
For further information and background on this ever-increasing risk, take a look at another UHY blog here, which looks at the threat on a wider scale.
The next step
If you are concerned, an internal audit of the control environment around your cyber security could be the solution to provide some comfort. UHY can conduct a review of your systems and controls against the detailed areas highlighted and questions posed by the National Cyber Security Centre.
If you would like to discuss this service or how you can help protect your charity, then contact your local UHY office.