Securing organisations for tomorrow

Cyber readiness resources for charities

Protect your people, data & IT infrastructure with our actionable advice to enhance your charity's cyber hygiene

The foundations of basic cyber hygiene

While cyber security is a complex field that requires specialist expertise, we want to ensure that you have taken all necessary steps to protect yourself at a fundamental level. To enhance your cyber resilience and defend against advanced threats beyond this, it is essential to collaborate with an experienced MSSP, like Bluecube, who will conduct a thorough audit and penetration testing and provide the relevant cyber security services you need.

01. Create long and strong passwords

To create a robust password, follow these four steps:

Use unique passwords for each service (work, email, social media, banking etc)

Opt for longer passwords; 24 characters is ideal

Craft memorable phrases (passphrases)

Mix capital letters, numbers and symbols when making your phrases (e.g. Ba8ysF1RSth0L!daywA5FUn)

Store passwords securely by utilising password managers or store them in a secure offline location away from devices if you have to.

02. Enable multi-factor authentication

Adding extra layers of protection to your accounts is now a necessity.

Your username and password alone are no longer sufficient for securing your accounts. While multi-factor authentication (MFA) adds an extra step, it can act as a safeguarding factor by using other forms of identification that cybercriminals will not know or have access to. By setting up MFA you can use:

Something you know: password, memorised PIN

Something you have: unique SMS code, authenticator app

Something you are: facial or fingerprint recognition (biometrics)

03. Update devices with latest software

Updating software for security is often referred to as 'patching'

One of the most common ways cybercriminals gain access to systems is by exploiting gaps in outdated software. When a vulnerability is discovered, developers work to create a patch that closes the hole. This is deployed through software updates, which is why it's so important to stay on top of them.

Turn on automatic updates

Shut down laptops and computers; closing the lid will not allow updates to take place

Don't ignore or postpone them. Install them as soon as they become available

04. Regular, proven backups

In the event of an incident, you should have peace of mind that your data is still accessible somewhere, somehow.

Incident recovery involves restoring backed up data, so ensuring regular, tested backups is key. A good rule to follow is the 3-2-1 backup rule to increase your data's protection: 

Always keep 3 copies of your data 

Use at least 2 different media types (e.g. cloud, data centre)

Keep 1 offline copy at an offsite location. 

Another great thing to do is ensure you have automatic backups enabled on your devices and frequently test if you can successfully restore your data.

05. Keep IT equipment safe

Risks can arise offline too. Protect your IT equipment when outside the office.

Never leave laptops, tablets, or phones in vehicles overnight, even when attended.

If you are in the office, try to adhere to a clear desk policy or store your necessary, sensitive files and equipment securely. 

Do not write down sensitive information or passwords. Use encrypted, online data storage tools. 

Consider encrypting device storage using BitLocker or FileVault for added data security, especially for larger IT estates.

Keep equipment hidden and secure with locks or access controls when not in use.

06. User awareness & education

People are central to your organisation, but they can also be a big risk factor.

Staff at all levels should engage in cyber security training to avoid human error, and this can be done in a number of ways.

  • Regular refresher training.
  • Simulated phishing exercises.
  • Enrol staff in modern training plans.
  • Promote the use of the free online cyber security resources that are available to them. 
  • Allow your staff time to engage and invest in their education.  
  • Remove unused, inactive or old accounts.
  • Reduce access rights, so only the authorised people have access to privileged information and data.

07. Secure remote working

With employees potentially working all over, it's essential to centralise and define security measures to mitigate the potential risks of remote working. 

Enable data encryption on devices.

Any devices used when working from home should be set up with mobile device management for remote wipe/lock.

Ensure VPNs, which allow remote workers to securely access your IT systems, are updated and well-equipped, and store devices safely.

Promptly report lost or stolen devices for swift action.

Ensure staff are regularly trained on cyber security risks and measures. 

08. Secure video conferencing

Communicating with your team mates online, or even with family and friends, has become part of our day to day.

To stay safe while doing so, consider the following: 

Only download software from trusted sources.

Review privacy settings and opt out of data sharing.

Use strong passwords and enable MFA.

Mind your surroundings; consider blurring backgrounds.

Keep calls private; use a lobby or passwords to control access.

09. Be aware of phishing

Phishing attempts can come in many forms, most predominantly via email. Here’s what to check:

  • Is the greeting personal or generic?
  • Are there grammar and spelling errors?
  • Do the email and sender domain match?
  • Are there suspicious attachments or links?
  • Evaluate logo and graphics quality. Does it look legit?
  • Is there a sense of urgency or threat?
  • What are they asking for? Be cautious of any requests for personal info/payment details as official organisations will never ask for these. Call the company to verify if in doubt.

If you're in doubt, and it looks too good to be true, do not engage with the content. On some email accounts, there is an option to report phishing attempts directly, so it's a great idea to use this in that instance.

We have compiled our key points into a useful hand-out you can use within your organisation with these steps to improve cyber hygiene. Feel free to share this with your wider organisation and teammates, or even family and friends, as it summarises the best practices we should all follow to increase our cyber protection.

Your local cyber security hubs

Within the UK, we are fortunate to have regional hubs that form a wider 'National Cyber Resilience Centre Group'. They are Police-led not-for-profits, partnered with other local universities, businesses, government and the private sector, with the aim of stopping fraud and cyber crime through shared knowledge, expertise and activities to strengthen cyber resilience. They are great groups to join or stay aware of for support, guidance and updates; they're also free to sign up to.

The following hubs would be your nearest regional support network for the Milton Keynes, Bedfordshire, Buckinghamshire and wider area.

For other areas, find out which hubs support your local region here

Covering all areas within Hampshire, Isle of Wight, Buckinghamshire, Berkshire, Oxfordshire, Surrey and Sussex.

Members benefit from helpful guidance, planning kits, tools and training materials as well as events and webinars to help you prevent your organisation from falling victim to cyber crime.

Find out more about the SECRC

Covering all areas within the East Midlands. 

Members benefit from helpful guidance, cyber health assessments, planning kits, tools and training materials as well as events and webinars to help your organisation's cyber resilience journey. You are also exposed to a larger network of specialists in your community.

Find out more about the EMCRC

National Cyber Security Centre (NCSC) guidance

Established as part of GCHQ (Government Communications Headquarters), the NCSC operates as a hub of expertise, providing strategic guidance, technical support, and actionable advice to governmental bodies, businesses, and individuals alike. Its mission encompasses not only proactive measures to mitigate cyber risks but also swift and effective responses to cyber incidents, thereby bolstering the overall resilience of the UK's cyber ecosystem. This makes its advice and resources very valuable and important to be aware of.

You can read the results of the latest Cyber Breaches 2024 Survey (released 9th April 2024), which covers charities in depth, here.

 Boost your cyber security knowledge with these learning resources from the NCSC.
 

 

Getting Cyber Essentials certified

Another crucial aspect to take into account is your certifications, specifically Cyber Essentials/Plus.

The Cyber Essentials certification provides charities with a structured framework to enhance their cyber security posture, covering 5 fundamental areas: network security, secure configuration, firewalls, patch management and malware protection. You and your organisation may already be adhering to these technical controls, meaning you could already be ahead.

By attaining this certification, charities can demonstrate their commitment to protecting against common cyber threats, reducing the risk of data breaches, and ensuring the integrity of their operations. Moreover, Cyber Essentials certification can enhance the credibility of charities, reassuring stakeholders that their contributions are managed securely and responsibly. It's a great, proactive step for charities to mitigate cyber risks and uphold their reputation in an increasingly digital world.

Bluecube are a certified Cyber Essentials Partner, meaning we are official providers to local businesses and charities. Talk to us if you'd like to find out more about getting certified. 

Hear more about our cyber security service

 

It's time to take action

Over a third of UK charities have reported experiencing some form of a cyber breach or attack in the last 12 months. Yet, only 6% of UK charities have invested in threat intelligence to identify cyber risks.

Bluecube has a 24x7x365 security operations centre (SOC) team with all the tools, experience, talent, software and systems to strengthen your business's resilience and keep pace with the ever-increasing volume and complexity of cyber threats.

*Source: UK GOV Cyber security breaches survey 2024
