Securing organisations for tomorrow
Cyber readiness resources for charities
Protect your people, data & IT infrastructure with our actionable advice to enhance your charity's cyber hygiene
The foundations of basic cyber hygiene
While cyber security is a complex field that requires specialist expertise, we want to ensure that you have taken all necessary steps to protect yourself at a fundamental level. To enhance your cyber resilience and defend against advanced threats beyond this, it is essential to collaborate with an experienced MSSP, like Bluecube, who will conduct a thorough audit and penetration testing and provide the relevant cyber security services you need.
01
Create long and strong passwords
To create a robust password, follow these four steps:
Use unique passwords for each service (work, email, social media, banking etc)
Opt for longer passwords; 24 characters is ideal
Craft memorable phrases (passphrases)
Mix capital letters, numbers and symbols when making your phrases (e.g. Ba8ysF1RSth0L!daywA5FUn)
Store passwords securely by utilising password managers or store them in a secure offline location away from devices if you have to.
02
Enable multi-factor authentication
Adding extra layers of protection to your accounts is now a necessity
Your username and password alone are no longer sufficient for securing your accounts. While it adds an extra step, it can act as a safeguarding factor by using other forms of identification that cybercriminals will not know or have access to. By setting up MFA you can use:
Something you know: password, memorised pin
Something you have: unique SMS code, authenticator app
Something you are: facial or fingerprint recognition (biometrics)
03
Update devices with latest software
Updating software for security is often referred to as 'patching'
One of the most common ways cybercriminals gain access to systems is by exploiting gaps in outdated software. When a vulnerability is discovered, developers work to create a patch that closes the hole. This is deployed through software updates which is why it's so important to stay on top of them.
Turn on automatic updates
Shut down laptops and computers; closing the lid will not allow updates to take place
Don't ignore or postpone them. Install them as soon as they become available
04
Regular, proven backups
In the event of a incident, you should have peace of mind that your data is still accessible somewhere, somehow.
Incident recovery involves restoring backed up data, so ensuring regular, tested backups is key. A good rule to follow is the 3-2-1 backup rule to increase your data's protection:
Always keep 3 copies of your data
Use at least 2 different media types (e.g. cloud, data centre)
Keep 1 offline copy at an offsite location.
Another great thing to do is ensure you have automatic backups enabled on your devices and frequently test if you can successfully restore your data.
05
Keep IT equipment safe
Risks can arise offline too. Protect your IT equipment when outside the office.
Never leave laptops, tablets, or phones in vehicles overnight, even when attended.If you are in the office, try to adhere to a clear desk policy or store your necessary, sensitive files and equipment securely.
Do not write down sensitive information or passwords. Use encrypted, online data storage tools.
Consider encrypting device storage using BitLocker or FileVault for added data. security, especially for larger IT estates.
Keep equiptment hidden and secure with locks or access controls when not in use.
06
User awareness & education
People are central to your organisation, but they can also be a big risk factor.
Staff at all levels should engage in cyber security training to avoid human error and this can be done in a number of ways.
- Regular refresher training.
- Simulated phishing exercises.
- Enrol staff in modern training plans.
- Promote the use of the free online cyber security resources that are available to them.
- Allow your staff time to engage and invest in their education.
- Remove unused accounts for inactive or old accounts
- Reduce access rights, so only the authorised people have access to privileged information and data
07
Secure remote working
With employees potentially working all over, it's essential to centralise and define security measures to mitigate the potential risks of remote working.
Enable data encryption on devices.
Any devices used when working from home should be set up with mobile device management for remote wipe/lock.
Ensure VPNs are updated and well-equipped, and store devices safely. These allow remote workers to securely access your IT systems.
Promptly report lost or stolen devices for swift action.
Ensure staff are regularly trained on cyber security risks and measures.
08
Secure video conferencing
Communicating with your team mates online, or even with family and friends, has become part of our day to day.
To stay safe while doing so, consider the following:
Only download software from trusted sources.
Review privacy settings and opt out of data sharing.
Use strong passwords and enable MFA.
Mind your surroundings, consider blurring backgrounds.
Keep calls private, use lobby or passwords to control access.
09
Be aware of phishing
Phishing attempts can come in many forms, most predominantly via email. Here’s what to check:
- Is the greeting personal or generic?
- Are there grammar and spelling errors?
- Are the email and sender domain matching?
- Are there suspicious attachments or links?
- Evaluate logo and graphics quality. Does it look legit?
- Is there a sense of urgency or threat?
- What are they asking for? Caution any requests for personal info/payment details as official organisations will never ask for these. Call the company to verify if in doubt.
If you're in doubt, and it looks too good to be true, do not engage with the content. On some email accounts, there is an option to report Phishing attempts directly, so it's a great idea to use this in that instance.
Your local cyber security hubs
Within the UK, we are fortunate to have regional hubs that form a wider 'National Cyber Resilience Centre Group. They are Police-led not-for-profits, partnered with other local universities, businesses and government private sector, with the aim of stopping fraud and cyber crime through shared knowledge, expertise and activities to strengthen cyber resilience. They are great groups to join or stay aware of for support, guidance and updates; they're also free to sign up to.
The following hubs would be your nearest regional support network for the Milton Keynes, Bedfordshire, Buckinghamshire and wider area.
For other areas, find out which hubs support your local region here.
![Picture3](https://www.bluecube.tech/hs-fs/hubfs/Picture3.png?width=503&height=239&name=Picture3.png)
Covering all areas within Hampshire, Isle of Wight, Buckinghamshire, Berkshire, Oxfordshire, Surrey and Sussex.
Members benefit from helpful guidance, planning kits, tools and training materials as well as events and webinars to help you prevent your organisation from falling victim to cyber crime.
![Picture2](https://www.bluecube.tech/hs-fs/hubfs/Picture2.png?width=702&height=286&name=Picture2.png)
Covering all areas within the East Midlands.
Members benefit from helpful guidance, cyber health assessments, planning kits, tools and training materials as well as events and webinars to help your organisations cyber resilience journey. You are also exposed to a larger network of specialists in your community.
National Cyber Security Centre (NCSC) guidance
Established as part of GCHQ (Government Communications Headquarters), the NCSC operates as a hub of expertise, providing strategic guidance, technical support, and actionable advice to governmental bodies, businesses, and individuals alike. It's mission encompasses not only proactive measures to mitigate cyber risks but also swift and effective responses to cyber incidents, thereby bolstering the overall resilience of the UK's cyber ecosystem making their advice and resources very valuable and important to be aware of.
You can read the latest Cyber Breaches 2024 Survey (released 9th April 2024) results which outlines Charities' in depth here.
Audience | Useful Resources |
General - perfect for yourself, family & friends |
Check if your email address has been in a data breach |
Specifically for Charities/not-for-profits |
NCSC Resource Collection for Charities Cyber Security guide for Charities |
Getting Cyber Essentials certified
Another crucial aspect to take into account is your certifications, specifically Cyber Essentials/Plus.
The Cyber Essentials certification provides charities with a structured framework to enhance their cyber security posture, covering 5 fundamental areas; network security, secure configuration, firewalls, patch management and malware protection. You and your organisation may already be adhering to these technical controls already meaning you would could already be ahead.
By attaining this certification, charities can demonstrate their commitment to protecting against common cyber threats, reducing the risk of data breaches, and ensuring the integrity of their operations. Moreover, Cyber Essentials certification can enhance the credibility of charities, reassuring stakeholders that their contributions are managed securely and responsibly. It's a great, proactive step for charities to mitigate cyber risks and uphold their reputation in an increasingly digital world.
Bluecube are a certified Cyber Essentials Partner, meaning we are official providers to local businesses and charities. Talk to us if you'd like to find out more about getting certified.
Hear more about our cyber security service
It's time to take action
Over a third of UK charities have reported experiencing some form of a cyber breach or attack in the last 12 months. Yet, only 6% of UK charities have invested in threat intelligence to identify cyber risks.
Bluecube has a 24x7x365 security operations centre (SOC) team with all the tools, experience, talent, software and systems to strengthen your business's resilience and keep pace with the ever-increasing volume and complexity of cyber threats.
Recent cyber security articles Recent cyber security articlesRecent cyber security articles
Recent cyber security articles Recent cyber security articles Recent cyber security articles
Cyber security
![](https://www.bluecube.tech/hs-fs/hubfs/Stock%20Imagery/Bluecube-Image-Home-14.jpg?width=596&name=Bluecube-Image-Home-14.jpg)
How to keep your business secure when remote working
To ensure that a business is secure, workers should be...
![](https://www.bluecube.tech/hs-fs/hubfs/Bluecube%20Imagery/2023%20cropped%20website%20images/IMG_6631_high_res%20cropped.jpg?width=596&name=IMG_6631_high_res%20cropped.jpg)
![](https://www.bluecube.tech/hs-fs/hubfs/Bluecube%20Imagery/2023%20cropped%20website%20images/IMG_7050_web_readycropped.jpg?width=596&name=IMG_7050_web_readycropped.jpg)
From Slopes to Servers: Navigating cyber risks in the winter season with Cyber Essentials
It’s the ski (or snowboard) season; how can that be...
![Bluecube employee looking at screen](https://www.bluecube.tech/hs-fs/hubfs/Bluecube%20Imagery/2023%20cropped%20website%20images/IMG_7071_high_rescropped.jpg?width=596&name=IMG_7071_high_rescropped.jpg)
New Year, New Regulations for 2024
Several significant IT and cyber security regulations...
![](https://www.bluecube.tech/hs-fs/hubfs/Stock%20Imagery/3-images-image-1.jpg?width=596&name=3-images-image-1.jpg)
Cyber Awareness for the Festive Season
The holiday season is here, and the temptation of...
![](https://www.bluecube.tech/hs-fs/hubfs/IMG_6746_web_ready.jpg?width=596&name=IMG_6746_web_ready.jpg)
Beyond 'Password123': Strategies for strong and unique passwords
In an increasingly digital world, the importance of...
![](https://www.bluecube.tech/hs-fs/hubfs/IMG_6130_high_res.jpg?width=596&name=IMG_6130_high_res.jpg)
Fortifying your digital defences: The crucial role of software updates in cyber security
In our increasingly interconnected world, where...
![](https://www.bluecube.tech/hs-fs/hubfs/IMG_6109_high_res-1.jpg?width=596&name=IMG_6109_high_res-1.jpg)
![Man working on screen](https://www.bluecube.tech/hs-fs/hubfs/Bluecube-Image-Template-2.png?width=596&name=Bluecube-Image-Template-2.png)
Legislation - How can organisations respond to increasing goverment regulation for cyber security?
In recent years, the digital landscape has witnessed...
![](https://www.bluecube.tech/hs-fs/hubfs/Richard%20Winter%20website%20.jpg?width=596&name=Richard%20Winter%20website%20.jpg)
Welcoming Richard Winter as Chief Cyber Officer
Bluecube Technology Solutions is thrilled to announce...