This website uses cookies for anonymised analytics and for account authentication. See our privacy and cookies policies for more information.





The voice of Scotland’s vibrant voluntary sector

Published by Scottish Council for Voluntary Organisations

TFN is published by the Scottish Council for Voluntary Organisations, Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh, EH3 6BB. The Scottish Council for Voluntary Organisations (SCVO) is a Scottish Charitable Incorporated Organisation. Registration number SC003558.

Third Sector Cyber Resilience Action Plan launches

This opinion piece is almost 6 years old
 

David McNeill looks at what action charities can take now to ensure they are prepared for potential cyber attacks

Cyber security.

Maybe that term conjures up an image in your mind of a hacker in a hoodie attempting to break into government systems, just like we see in films.

However, the reality is that cyber crime is big business, perpetrated by organised crime groups, nation states and individuals - for money and for mischief.

Attacks can be incredibly sophisticated or comically obvious (“You’ve just won $36m on the Australasian lottery – please send us your bank details!”). They can be random, targeted or result in collateral damage.

David McNeill
David McNeill

The third sector faces the same risks of operating in a digital world as everyone else. In a recent survey, the National Cyber Security Centre (NCSC) found that 62% of charities identified cyber security breaches or attacks in the past year. The average cost was £1,460, but the stakes can be much higher. Highland Hospice lost around £500k last year through a targeted attack.

At SCVO, we recognise that we’ve got an important role to play in supporting Scotland’s third sector to understand cyber threats and take steps to protect themselves. We have therefore been working with the Scottish Government and other organisations to develop a Third Sector Action Plan which sets out actions we will collectively take to help build digital confidence and cyber resilience.

Over the next few months, alongside the Scottish Government and the NCSC, we’ll be working with other catalyst organisations from the sector to develop and implement practical solutions to key challenges.

The Scottish Government will also be making small grants available to organisations to achieve Cyber Essentials accreditation, building on the lessons from a similar scheme we managed last year.

But what action should you take now to protect yourself?

From a technical perspective, you should always:

Keep your organisation’s software patches up to date
Use proper antivirus software
Back up the data that matters to you

However, the NCSC alsonotes in a charity threat assessment that the culture of trust in the sector makes people in third sector organisations particularly vulnerable to criminality. It’s therefore worthwhile:

Building the essential digital skills of all staff, trustees and volunteers – paying particular attention to ensuring people know how to spot scams.

Ensuring people making payments are extremely careful when sending money to new people or organisations – even when the request appears to be legitimate (some of the largest losses have arisen from fraudulent CEO emails saying an urgent payment needs to be made).

If you want to take the next step in exploring how to maximise the opportunities provided by digital, as well as minimise the risks, why not take our free Digital Check-up?

David McNeill is director of digital for the Scottish Council for Voluntary Organisations (SCVO)