Why do trustees need to bother about cyber security?

I am sure that any trustee reading this will agree that their role is not for the faint hearted!  There is lots to learn and understand about the organisation that you represent already, so you won’t thank me for bringing an additional burden to your door by mentioning cyber security! 

However, cyber security is key issue for all organisations – big or small, regardless of sector.  It would be great to tell you that cyber criminals will make exceptions for the third sector when they identify their targets – after all, we do some exceptionally good and valuable work for society.  Sadly, your average cyber-baddie doesn’t take that into account and merely views ALL organisations as a route to getting money or their hands on that super-valuable data we hold. Fear not – help is at hand. 

My first piece of advice is a simple one – cyber security should be viewed as “just another business risk” and discussed at Board meetings along with all the other things that may threaten the stability of your operation.  I understand that some of the terminology we use can be a little daunting but framing cyber as another business risk does seem to take away some of the fear for many.

And, let’s tackle the language piece... Many people I speak to in course of my cyber education work will admit to feeling “overwhelmed” or “confused” by the terms they hear and see used when talking cyber – they are concerned that not knowing their malware from their social engineering makes them less capable of understanding.  That should not be the case – any IT service provider worth their salt should be able to provide an explanation of any issue in non-geek speak.  Never feel embarrassed to say “sure, that makes sense to you, but could you explain that again, in layman's terms!”

If you wanted to do some homework, there is a raft of information available to help you brush up your bytes of knowledge (see what I did there? 😊 ).  The National Cyber Security Centre (NCSC) are the folk within the UK who are the REAL experts.  They are part of GCHQ with a mission to make the “UK the safest place to live and do business online”.  As part of the suite of resources that they have available, which include a helpful Glossary, they have some great ones especially designed with the third sector as its audience.  The Small Charity Guide is a great introduction to some of the easily achievable actions your organisation can undertake to improve its security posture with little or no cost or technical knowledge.  An important resource for trustees to get their hands on is the NCSC Board Toolkit.  This provides a holistic and helpful overview of cyber resilience, which demystifies the tech-talk and provides tangible questions that Board members can use to start the conversation around improvements.

Reading about cyber security may not be high on the list of most people’s new year's resolutions, so why not take things at a gentler pace and join the Good Governance webinar that the SCVO Trustee’s Network is hosting on Wednesday 3 February 2021 at 5pm.  This session will provide an introductory overview of why charities are at risk, from whom and what, and more importantly, what they can do to prevent this.  As I highlighted during my introduction, cyber security remains as vital today as ever before – possibly even more so now the working from home restrictions means that many of us will continue to be at work at the kitchen table for the foreseeable future.

As well as presenting sessions like the Good Governance one mentioned, my role is to work with ALL third sector organisations to provide help, advice, training and, if I don’t know the answer to your question, I’ll find someone who does.  Why not make 2021 the year to be bothered about cyber security?  Drop me an email and let’s talk about how your organisation can reduce your cyber risks – I'll make it as plain English and pain free as I can!

Four steps you can take now to protect your organisation against cyber risks in 2021:

1. Join our Good Governance webinar on 3 February
2. Check out the NCSC’s Small Charity Guide – a great overview and starting point
3. Drop me an email and we can have a supportive, non-techy chat
4. Look at the NCSC’s Board Toolkit. There’s a lot in there, so you might want to take it bit by bit over a series of board meetings.