Guest Blog: How do you eat a cyber elephant? One bite at a time…

Alison Stone, Third Sector Cyber Resilience Co-ordinator, Scottish Business Resilience Centre about all things cyber, inluding new ACOSVO cyber initiatives.

National restrictions may be receding, but many of the effects of the global pandemic will live on including the huge expansion and acceptance of remote working.  However, despite us being 18 months into this new way of working, we are seeing a steady increase in the number of charities and voluntary organisations impacted by some level of security challenge.  
Recent research by the UK Government found that businesses (84%) and charities (80%) said COVID-19 made no change to the importance they place on cyber security. This concerns me on several levels – not just because the National Cyber Security Centre (NCSC) reported a rise in cyber incidents during the pandemic. This is a stark reminder that when it comes to cyber security, the best place to start is with the basics. 
Undertaking some simple measures to improve your IT network security and undertaking some training and awareness for staff and volunteers is a good place to start.  And never fear – a lot of this isn’t as costly or as complicated as you think it might be.  It’s just knowing where to start.  So, how about I give you a few starters for 10? 

Protect the gateway to your data 

Password protection is an aspect that can be easily underestimated. Data from Google shows that 52% of people use the same passwords for multiple accounts, and a staggering 13% use the same password for all of their accounts, which reinforces that educating people about the folly of doing this remains a priority.  Organisations need to stress to their teams the importance of maintaining a secure password policy and advise on avoiding suspicious links and downloads.  Consider using a Password Manager to stop that password overload.  Oh, and don’t forget that three random words is the name of the game these days! 

Update your software  

The few minutes it takes to install a software or application update could save you lots of time in the long run by reducing your risk of a cyber-attack. Software updates released by developers often include improvements to security bugs and patches for cyber security systems, in turn improving the protection of your data. Installing updates promptly (rather than ignoring the pop-ups) makes it more difficult for cyber criminals to exploit your computer systems.  

Educate yourself and your team 

Training is an important tool in your armoury when combating cyber-crime.  There are an abundance of free training webinars open to the third sector at the moment.  Join one of the sessions offered by The Curve, go along to the LeadScotland webinar series or take it at your own pace by using the NCSC e-learning platform.  
Tell us what you think…
The team at ACOSVO are working on some great new cyber initiatives too.  They have committed to producing resources for CEO’s and Chairs that will help you get to grips with embedding cyber as just another risk to your business (which it is!).  That said, it is really important for them to understand what you need, so they have designed the Be Better Informed survey which I would like to encourage you to complete before 30th September 2021.  Cyber resilience and education is a BIG subject – help ACOSVO deliver what the sector needs by sharing your thoughts with them today.  
In closing, mastering the basics of cyber security is vital in this day and age. With increased threat levels present alongside ongoing remote working, the need for action on cyber basics has never been higher, so start eating that cyber elephant today!
For further details, contact Alison Stone, Third Sector Cyber Resilience Co-ordinator, Scottish Business Resilience Centre.