The past 20 months have increased the amount we rely on technology. Yet for those of us who have been encouraging and supporting the use of digital tools for some time, we see a much broader transition happening right through the sector.
Well before the challenges of Covid-19, the voluntary sector was already starting to embrace the potential of digital. Many organisations were beginning to develop new online services, increase their investment in technology and utilise cloud services to make back-office processes more efficient and effective.
However, while there are significant benefits to these new ways of working, there is also a need to mitigate the risks of operating online and improve cyber security. If an organisation lost access to its IT and online systems today, it would struggle to function. It’s perhaps all too easy to recall recent news stories of major organisations whose operation has been significantly impacted by a cyber attack.
Organisations are also now more and more interdependent, sharing data and systems to carry out our work. All partners needs the confidence, and will increasingly scrutinise, that everyone has good cyber security measures in place.
What those measures are will vary depending on an organisations size and scope.
Most charities and voluntary organisations in Scotland are small, and entirely run by volunteers or a small number of paid staff. This clearly has implications for their ability to improve cyber security, as they will not have IT or cyber expertise in-house. Understanding this means recommendations should be practical and as straightforward as possible to implement.
Starting with clear and actionable steps is key. Highlighting other organisations that have undergone change helps small organisations see how it’s possible to become cyber aware without the need for any formal education. Workshops like the Scottish Business Resilience Centre’s newly launched ‘Micro Exercises’, which is both free of charge and speaks to all levels of technical expertise, can provide a bite-sized chance to get some practical ideas to take back to the office to adopt.
Organisations clearly want to prioritise the delivery of services to people and communities, but protecting your digital infrastructure is critical
Another route for organisations to equip themselves is through acquiring the National Cyber Security Centre’s Cyber Essentials Certification. Having supported almost 200 organisations already on this journey, we hope for a ripple effect of understanding, awareness and collaborative learning about cyber security in the sector.
It is also important to consider the need to ensure there is adequate investment in cyber security. Organisations clearly want to prioritise the delivery of services to people and communities, but protecting your digital infrastructure is critical to ensure those services are not vulnerable. We would always ensure our windows were shut and doors were locked when we left a building, and the same should be true of our digital infrastructure as our physical infrastructure.
Changing the culture around cyber resilience and making the case for more investment can take a while. That’s where collaboration with and learning from organisations in other sectors can help. As boards start to get cyber resilience issues on their agenda, they’ll need to draw on a range of tools and approaches which have worked in other sectors.
SCVO is delighted to be part of the CyberScotland Partnership, helping to support organisations to enhance cyber security through common approaches, learning and action across the public, private and voluntary sectors.
The coming months and years will see us to continue to ensure that we help organisations who achieve amazing things can continue their work, and aren’t taken offline by being vulnerable to cyber attack.
David McNeill is Director of Development at SCVO (The Scottish Council for Voluntary Organisations)