5 Top Tips for Charity Cybersecurity Governance

5 Top Tips for Charity Cybersecurity Governance

Cybercrime is rapidly growing and threatens charities of all sizes, it is therefore critical that charities of all sizes manage data protection effectively.

Charities store data in relation to their staff and beneficiaries and face fines due to mishandling of confidential data. Governance for data starts with trustees who must ensure that information stored by their charity is maintained accurately, securely and kept up to date.

Is your Board paying enough attention to the technology data risks?

Technology is part of most activities in charities today and is embedded into interactions with beneficiaries, funders and management including:

  • Cloud computing

  • Social media

  • Email security

  • Working remotely

The threat is stark. US data security giant Gartner says that only 6% of organisations survive longer than two years after losing data and over 43% are put immediately out of business. The requirement for data security governance and indeed comprehensive backup and disaster recovery has never been more important.

The world is changing and cybersecurity threats are increasing each day. The responsibility for data security can no longer be solely managed by the IT department. Charity Boards must actively review and approve data security policies.

Is your Board data savvy?

It should be. Here are 5 top tips

1. A Board should aim to have at least one trustee with a technology background
This can ensure that a charity’s approach to IT is aligned to the strategic plan and overall governance.

2. Name a staff cybersecurity lead
Even the smallest charities should make information management a key consideration for trustee meetings. A named cybersecurity staff lead should attend the Board and appraise trustees regularly of how that charity’s technology and policy links to effective data management.

3. Trustee Boards should proactively seek cybersecurity training and learning
Trustees should seek out training opportunities from social sector membership organisations such as Community Southwark. Data management and cybersecurity seminars and training sessions are increasingly available to provide Boards with key competence to inform effective data governance.

Watch this space for workshops and factsheets coming soon from Community Southwark and The Integrate Agency.

4. Board meetings should include a technology/cybersecurity agenda item
Boards should spend as much time on data, cybersecurity and technology consideration as it does on accounting process and procedure.

5. Seek out external expertise
Network with other charities that are more cybersecurity savvy and invite their officers to speak to your Board. Also, pay close attention to the Information Commissioners Office website for free webinars, guidance and charity toolkits. They offer resources to help charities comply with their information management responsibilities.

The Integrate Agency CIC is a social enterprise that bids for and delivers outsourced public services contracts on behalf of the social sector. To keep in touch with new contract opportunities, please follow us on Twitter @IntegrateUK