POP welcomed Mark Moore from The Cyber Resilience Centre for the South West. https://www.swcrc.co.uk/ at our last POP Bites member’s networking event to cover the basics of how to be safer digitally. The SWCRC helps to keep charities and organisations safe across the SW. Stats show 1 in 3 businesses and around 1 in 4 charities have been affected by cyber attacks.
SWCRC have a FREE service:
- Plain English guidance and 12-week starter programme
- Follow up contact to check you’re getting on ok (and a free consultation if you want it)
- Monthly updates to keep you briefed on new scams and protection
- Free webinars to talk organisations through key topics
- Links to useful collaborators
Key things we can all do now to protect our organisations and ourselves:
Passwords and 2fa (2 factor authentication)
This is the main thing we all need to get right as this is where most of the breaches will come from.
It’s better to remember a couple of really important passwords and not write anything down and leave on a post it next to your computer! https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0
It’s ok to use the auto reminder function – browser security / password manager (as long as you’re not sharing your computer/mobile). If you use another computer it’s easy to do a password reset to access what you need. https://www.ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers
Password manager options – can be free. https://www.ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers
2fa – this is definitely a good thing and mostly sits in the background unless you login on a different device.
SWCRC can help you with all of this, there’s plenty of information on how to set things up and you can have a call with one of their advisors.
Backup
We often think our documents and data will be stored safely in the cloud but if you use MS Office or other software, you still need to back it up. If it gets scrambled, it would be saved BUT scrambled in the cloud. You can add an automated/manual backup solution for this and other software you’re using eg Airtable, Softr, Xero etc.
Do you have an IT support company looking after data? Have a 6 monthly check in with them to make sure all is in order.
Plan ahead – if you suffer an attack, what would your steps be???
Training
Train yourself, your staff and volunteers.
Devon & Cornwall has trainers available. There’s a half hour e-learning module for new people joining an organisation.
Run Updates
If you have volunteers using their own home computers or phones, this is a real risk – it could be downloading spyware / viruses onto your organisations system.
For mobile devices, if they fall out of updates then this is a real risk. It can be better to pay more for up-to-date hardware and software than suffer a breach.
Access Management
When people exit the organisation, do you have a process for shutting down their access? Closing their email etc.
Some useful links:
National Cyber Security Centre (part of GCHQ). Basic check service link: https://basiccheck.service.ncsc.gov.uk/
Forward spam to this email: report@phishing.gov.uk
Forward text spam to this number: 7726
Check if your email address is in a data breach: https://haveibeenpwned.com/
SWCRC’s Slides: https://drive.google.com/file/d/1pZhRLDcN590fY_catahuiRu8pM4j5ZoR/view?usp=sharing
SWCRC’s 1-page Brochure: https://drive.google.com/file/d/1M0pEnO35Q9IBhI_-8bIIMM1sNaXrWGah/view?usp=sharing
Thanks to Mark Moore, Police Officer / CEO of The Cyber Resilience Centre for the South West. https://www.swcrc.co.uk/