From May 2018 the way we think about data and information will change. The General Data Protection Regulation (GDPR) is being put in place to strengthen and unify data protection for individuals within the European Union. GDPR will affect organisations in the UK despite Brexit. Once GDPR comes into force, organisations that suffer a data breach could be fined up to 4% of their annual global turnover.
Any organisation that suffers a data breach will also need to inform every individual whose details have been compromised within 72 hours of the breach. A charity hit by a cyber attack would have to tell all of its clients and donors that their information had been exposed. The consequences of this could be astronomical: people are less likely to donate if they think you do not take security seriously, and your clients, especially if they are vulnerable, may no longer feel safe working with you.
To help charities and non-profit organisations take the appropriate precautions and avoid the consequences GDPR attaches to a breach, we have put together a list of the steps you can take to avoid one.
Anti-Virus
Making sure that you have an anti-virus product that scans your devices regularly is massively important. If you suffer a ransomware attack and your files are encrypted, that is a data breach. Regularly scanning your IT environment is essential.
Patching
Having to keep installing updates on your devices can be annoying, but they are there to keep you safe. Patches close security holes that have been discovered. If your patches are up to date, you know that the known security weaknesses in that software are covered.
Anti-Spam
Anti-spam filtering is the best deterrent to phishing emails. Some phishing emails still get through, but it stops the majority. Phishing emails can come complete with malicious links and attachments that could cause a data breach.
Firewall
A firewall monitors and controls the traffic into and out of your network. It is important to make sure nothing malicious is entering your network.
End User Education
Making sure that your staff understand cyber security risks and how to spot possible threats is essential. They are your last line of defence before something happens. If a phishing email gets through, what happens next comes down to your staff's decisions.
Everyone has an IT policy, and most people have not read it. If you want people to take your IT policy seriously and actually understand it, keep it short and easy to read.
Backup and Disaster Recovery
When everything has gone wrong, you want to be sure that at least one headache is removed and that you will be able to get your data back.
We have put together a slideshare below to summarise what you and your charity need to be aware of with GDPR. If you have concerns about GDPR or your cyber security, please do not hesitate to get in touch on 01675 469020 or download our Cyber Security Playbook.