Cyber and data security How prepared is your charity?

Size: px
Start display at page:

Download "Cyber and data security How prepared is your charity?"

Transcription

1 Cyber and data security How prepared is your charity?

2 1 Executive summary In this report we reveal the results of our survey 54% of respondents didn t know or said their charity was not well equipped to fend off a cyber security attack We discover that only 14% of respondents believed their charity was very well protected against cyber and data security breaches Over half (54%) either didn t know or said their charity was not well equipped to fend off a cyber security attack But it s not all doom and gloom the overwhelming majority (70%) believed they had processes in place to raise staff awareness of the importance of cyber and data security. Charities are the same as any other company large or small when it comes to information security. They have assets that need protecting including information, threats to counter and a myriad of problems to deal with. This report provides an overview of the current state of play within the sector as well as some top tips on how charities can improve their cyber and data security. Charities are the same as any other company large or small when it comes to information security. They have assets that need protecting including information, threats to counter and a myriad of problems to deal with. A cyber attack on a small UK-based charity last year, where terrorist propaganda and offensive material replaced the website, shows the Third Sector is not immune. Limited resources should not prevent charities from striving to protect valuable data from attack, theft or human error. The Information Commissioner s Office (ICO) is tightening the rules, meaning heftier fines for those that don t comply. Currently, the ICO can levy fines up to 500,000 per infringement but that is set to increase in the near future.

3 2 When things go wrong A care home received a 15,000 fine for not looking after sensitive personal details in its care. An ICO investigation found widespread systemic failings in data protection at the nursing home at the time of a data breach. A member of staff took an unencrypted work laptop home and the laptop was stolen during a burglary. It contained sensitive personal details relating to 46 staff including reasons for sickness absence and disciplinary information. It also held some details about 29 residents including their date of birth, mental and physical health and do not resuscitate status. The cyber landscape Cyber attacks and data security breaches are never out of the headlines and it s not just large corporations who are victims. The scale of the problem is immense the profits made by selling stolen data worldwide have exceeded 500 billion. And alongside the criminals, who make big business out of stealing then selling data, human error is the biggest threat to charities. Liam Greene, cyber specialist at Markel UK said There are two issues; raising awareness of cyber threats and helping organisations consider appropriate action. The awareness has significantly changed in the last few years, but acting on these threats has yet to reach a tipping point, uncertainty rather than apathy being the main trend. Third Sector Insight surveyed 214 people to find out how well protected they thought their charity was against a cyber attack or data security breach and the results were surprising. As our headline figures reveal, only 14% of respondents believed their charity was very well protected, fewer in fact, than those who said their charity was not well protected at all. 34% said they believed they were well protected with a tiny proportion feeling their charity was totally insecure. Are charities well protected? Cyber Insurers and risks managers are still reporting only gradual changes in decision making. Liam Greene, Markel UK Only 14% of respondents believed their charity was very well protected 34% said they believed they were well protected Frighteningly, over half (54%) either didn t know or said their charity was not well equipped to fend off a cyber security attack.

4 3 Support While many charities cannot prioritise spending money on the latest equipment and software, good technical support is important to ensure the secure running of IT systems. If in-house support is not possible, then it is worth investigating an arrangement with a third-party, although entering into an agreement does not absolve the responsibility. When asked whether their charity had any cyber security support to protect itself 43% said they did, whereas 33% said they didn t have any such support and a further 24% didn t know if they had any support inhouse or with a third party in place. These findings indicate that while it may be difficult to juggle limited time and resources, charities need to find a way to prioritise protecting valuable data. This is particularly pertinent since the overwhelming majority (70%) said they had data capture and interactive areas on their websites. Software and data protection It is every employee s responsibility to know the terms set out within the Data Protection Act Hackers exploit many vulnerabilities through software. This includes operating systems, applications and even some of the anti-malware that should be protecting systems. To prevent security breaches, this software should be kept up-to-date. Failure to do so, can allow criminals access to loopholes and to steal valuable data, leading to hefty fines for charities. When asked, a third said their software was updated weekly, but the same amount didn t know how often it was updated. Keeping up to date with the Data Protection Act is a essential for anyone dealing with data. Nowadays, individuals can be held liable for breaches as much as an organisation. I didn t know will no longer wash with high court judges. It is every employee s responsibility to know the terms set out within the act. Comfortingly, 89% of respondents said they were very familiar or familiar with the Data Protection Act, with only 11% claiming total ignorance.

5 4 Keeping data safe Sending files of data over means the password should be strong and sent separately. In January this year, the ICO issued an Enforcement Notice on the Alzheimer s Society because of two separate security breaches the charity suffered. One attack related to their website, the other was human error. Fifteen volunteers who joined in 2007 and had not received dataprotection training used their personal addresses to share information about the charity s users and were storing unencrypted data on their computers at home. Procedures to protect data Information including databases of supporters, clients or staff is vital to the running of any charity. All information, whether safely stored on a server, or kept on portable equipment such as laptops, external hard-drives or USB sticks must also be kept safe. Whether it is locked in the office or taken out, it is essential that information security such as encryption is used to keep it from falling into the wrong hands. Time and again, newspapers have reported data thefts occurring due to human error whether a laptop was stolen from the front seat of a car or a USB stick was dropped on the bus these incidents would be less dramatic if the information contained was properly protected. Our survey showed that 59% of respondents said their data was encrypted, with 41% veering between not encrypting, 12% thinking about it and 13% not knowing. Do charities have data encryption? 59% of respondents said their data was encrypted 13% didn t know if their data was encrypted Charities need to make it mandatory for staff to demonstrate their information security knowledge before they are allowed to handle any forms of data. Again, the overwhelming majority (70%) believed they had processes in place to raise staff awareness of the importance of cyber and data security. But that is not enough. All charities should introduce a process for staff that raises awareness of the importance of securing information. They need to make it mandatory for staff to demonstrate their information security knowledge before they are allowed to handle any forms of data.

6 5 If the worst happens how you would deal with the incident? Through a service provider Chaotically We don t know but consider an incident unlikely Planning & risk management Unfortunately, accidents do happen. Data might get lost or stolen and hackers might compromise security systems. It is a good idea for charities to have a plan of action in place a set of written crisis response guidelines that are freely available to all staff. Only 38% of those that answered the survey said such a plan existed within their organisation. 41% said there were no written guidelines and a further 21% didn t know. Cyber security planning 38% said they have a cyber security plan of action in place 41% said no written guidelines 21% didn t know A comprehensive cyber policy acts as a first response and protects your organisation from the moment a cyber or data breach occurs. It covers your own liability as well as legal, IT security and regulatory costs that may occur to contain a breach before a claim arises. Furthermore, 70% of charities that took part didn t have any specialist insurance protection in place. Whilst cyber insurance is not a replacement for robust IT security, data protection and a response plan, it can act as a safety net. A comprehensive cyber policy acts as a first response and protects your organisation from the moment a cyber or data breach occurs. It covers your own liability as well as legal, IT security and regulatory costs that may occur to contain a breach before a claim arises.

7 6 Conclusion Too many charities are happy to put the security of their systems, including the data held on them, into the hands of a third party. One of the major issues around data protection is that charities don t always know where their sensitive information is, let alone how to protect it. Another problem that has become clear as a result of this survey is that too many charities are happy to put the security of their systems, including the data held on them, into the hands of a third party. This, they deem, is a fail safe, until the worst happens. A defined security policy, along with a crisis management plan and a cyber insurance policy should be at the heart of every charity s strategy. From the results of the survey, it is clear that at present, for the majority at least, it is not. Employees, management and volunteers as well as the trustees need to be armed with sufficient knowledge to allow them to spot potential problems and have the power to speak up and put solutions in place. That way, it provides a safe framework for the charity to operate under and ensure that its data is protected and systems are in place to prevent a cyber attack from happening.

8 7 Six cyber and data tips 1 Staff awareness & training Consider both accountability at board level and the day-to-day good practice for employees or volunteers with responsibility for IT systems or handling data. This concerns both physical and electronically held data. Avoid over-confidence in IT 2 Do the basics: safe password policy, frequent back-ups, software security controls & updates in place, but remember no system is faultless and human error, not the IT security, is often the main source of weakness. Access to advice 3 IT & Risk management service providers, along with insurers, banks and online payment processers are able to share their wide industry awareness of issues and trends. A more specific service provider or insurance policy may give you direct access to a cyber expert as an added benefit. 4 Cyber insurance policies Manages unknown costs and risk both for dealing with costs of an incident using the insurer s cyber experts, costs for any business interruption, and ability to defend a claim. 5 Awareness of scams and identity fraud are one of the consequence of hacking and stolen data, and the scams are ever more imaginative. Use the telephone to verify payment transactions, and keep dual controls of changes and instructions. 6 Keep updated with guidance from the ICO The Information Commissioners Office is a resource for practical advice and issues such as encryption, and will also keep organisations updated on developments with potential changes to EU Data Protection law, and how this applies in the UK. Find out more at for-organisations/charity/

9 8 About Markel Markel protect thousands of third sector organisations across the UK including: Charities Community groups Not for profit organisations Care providers Our specialist charity insurance provides cover against a whole range of risks, giving you the peace of mind that if something unexpected happens, your organisation is covered by an expert. We also offer a range of exclusive benefits and services for policyholders providing practical advice and professional help from industry experts to help prevent and manage claims situations. To find out more about charity insurance visit:

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM AIRMIC ENTERPRISE RISK MANAGEMENT FORUM Date 10 November 2016 Name Nick Gibbons Position, PARTNER BLM T: 0207 457 3567 E: Nick.Gibbons@blmlaw.com SUMMARY Cyber crime is now a daily reality Every business

More information

Panda Security 2010 Page 1

Panda Security 2010 Page 1 Panda Security 2010 Page 1 Executive Summary The malware economy is flourishing and affecting both consumers and businesses of all sizes. The reality is that cybercrime is growing exponentially in frequency

More information

The Cyber War on Small Business

The Cyber War on Small Business The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber

More information

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Cyber fraud and its impact on the NHS: How organisations can manage the risk Cyber fraud and its impact on the NHS: How organisations can manage the risk Chair: Ann Utley, Preparation Programme Manager, NHS Providers Arno Franken, Cyber Specialist, RSM Sheila Pancholi, Partner,

More information

Cybersecurity and Nonprofit

Cybersecurity and Nonprofit Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit

More information

NIS, GDPR and Cyber Security: Convergence of Cyber Security and Compliance Risk

NIS, GDPR and Cyber Security: Convergence of Cyber Security and Compliance Risk NIS, GDPR and Cyber Security: Convergence of Cyber Security and Compliance Risk IT Matters Forum July 2017 Alan Calder Founder & Executive Chairman IT Governance Ltd Introduction Alan Calder Founder IT

More information

mhealth SECURITY: STATS AND SOLUTIONS

mhealth SECURITY: STATS AND SOLUTIONS mhealth SECURITY: STATS AND SOLUTIONS www.eset.com WHAT IS mhealth? mhealth (also written as m-health) is an abbreviation for mobile health, a term used for the practice of medicine and public health supported

More information

Your security on click Jobs

Your security on click Jobs Your security on click Jobs At Click Jobs is a trading name of Raspberry Recruitment Limited, we're committed to helping you find the right job in a safe and secure environment. On these pages, you can

More information

Entertaining & Effective Security Awareness Training

Entertaining & Effective Security Awareness Training Entertaining & Effective Security Awareness Training www.digitaldefense.com Technology Isn t Enough Improve Security with a Fun Training Program that Works! Social engineering, system issues and employee

More information

Second International Barometer of Security in SMBs

Second International Barometer of Security in SMBs 1 2 Contents 1. Introduction. 3 2. Methodology.... 5 3. Details of the companies surveyed 6 4. Companies with security systems 10 5. Companies without security systems. 15 6. Infections and Internet threats.

More information

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE Small business cybersecurity survival guide By Stephen Cobb, ESET Senior Security Researcher Computers and the internet bring many benefits to small businesses,

More information

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Q3 2016 Security Matters Forum Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Alan Calder Founder & Executive Chair IT Governance Ltd July 2016 www.itgovernance.co.uk Introduction

More information

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE Small business cybersecurity survival guide By Stephen Cobb, ESET Senior Security Researcher Computers and the internet bring many benefits to small businesses,

More information

Cyber Attack: Is Your Business at Risk?

Cyber Attack: Is Your Business at Risk? 15 July 2017 Cyber Attack: Is Your Business at Risk? Stanley Wong Regional Head of Financial Lines, Asia Pacific Agenda Some common misconceptions by SMEs around cyber protection Cyber Claims and Industry

More information

Data Protection and Information Security. Presented by Emma Hawksworth Slater and Gordon

Data Protection and Information Security. Presented by Emma Hawksworth Slater and Gordon Data Protection and Information Security Webinar Presented by Emma Hawksworth Slater and Gordon 1 3 ways to participate Ask questions link below this presentation Answer the polls link below this presentation

More information

CYBER RESILIENCE & INCIDENT RESPONSE

CYBER RESILIENCE & INCIDENT RESPONSE CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable

More information

The New Government Security Classification System -

The New Government Security Classification System - The New Government Security Classification System -? Industry The guidance in this booklet is being developed for use from April 2014. It is but is being shared with industry in order to raise awareness

More information

8. AUTOMATED DECISION MAKING DURING DATA PROCESSING FURTHER INFORMATION FURTHER INFORMATION AND GUIDANCE CONTACT US...

8. AUTOMATED DECISION MAKING DURING DATA PROCESSING FURTHER INFORMATION FURTHER INFORMATION AND GUIDANCE CONTACT US... Contents 1. DEFFINITIONS... 2 2. INTRODUCTION... 2 3. WHO WE ARE... 2 4. JUSTIFICATION FOR PROCESSING PERSONAL DATA... 2 5. LAWFUL BASIS FOR COLLECTING AND PROCESSING PERSONAL DATA... 3 5.1 LEGITIMATE

More information

The Data Breach: How to Stay Defensible Before, During & After the Incident

The Data Breach: How to Stay Defensible Before, During & After the Incident The Data Breach: How to Stay Defensible Before, During & After the Incident Alex Ricardo Beazley Insurance Breach Response Services Lynn Sessions Baker Hostetler Partner Michael Bazzell Computer Security

More information

Teradata and Protegrity High-Value Protection for High-Value Data

Teradata and Protegrity High-Value Protection for High-Value Data Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

Risk Outlook Anti money Laundering and Cybercrime. Steve Wilmott and George Hawkins

Risk Outlook Anti money Laundering and Cybercrime. Steve Wilmott and George Hawkins Risk Outlook Anti money Laundering and Cybercrime Steve Wilmott and George Hawkins Introductions Steve Wilmott, Director of Intelligence and Investigations George Hawkins, Senior Technical Advisor, Risk

More information

CyberEdge. End-to-End Cyber Risk Management Solutions

CyberEdge. End-to-End Cyber Risk Management Solutions CyberEdge End-to-End Cyber Risk Management Solutions In a rapidly changing landscape, CyberEdge provides clients with an end-to-end risk management solution to stay ahead of the curve of cyber risk. CyberEdge

More information

Data protection policy

Data protection policy Data protection policy Context and overview Introduction The ASHA Centre needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees

More information

Disk Encryption Buyers Guide

Disk Encryption Buyers Guide Briefing Paper Disk Encryption Buyers Guide Why not all solutions are the same and how to choose the one that s right for you.com CommercialSector Introduction We have written this guide to help you understand

More information

Data Breach Notification Policy

Data Breach Notification Policy Data Breach Notification Policy Policy Owner Department University College Secretary Professional Support Version Number Date drafted/date of review 1.0 25 May 2018 Date Equality Impact Assessed Has Prevent

More information

The Role of the Data Protection Officer

The Role of the Data Protection Officer The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services

More information

Data Handling Security Policy

Data Handling Security Policy Data Handling Security Policy May 2018 Newark Orchard School Data Handling Security Policy May 2018 Page 1 Responsibilities for managing IT equipment, removable storage devices and papers, in the office,

More information

10 Hidden IT Risks That Might Threaten Your Business

10 Hidden IT Risks That Might Threaten Your Business (Plus 1 Fast Way to Find Them) Your business depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine

More information

Cyber security tips and self-assessment for business

Cyber security tips and self-assessment for business Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

Cyber Security Stress Test SUMMARY REPORT

Cyber Security Stress Test SUMMARY REPORT Cyber Security Stress Test SUMMARY REPORT predict prevent respond detect FINAL SCORE PREDICT: PREVENT: Final score: RESPOND: DETECT: BRILLIANT! You got a 100/100. That's as good as it gets. So take a second

More information

You ve Been Hacked Now What? Incident Response Tabletop Exercise

You ve Been Hacked Now What? Incident Response Tabletop Exercise You ve Been Hacked Now What? Incident Response Tabletop Exercise Date or subtitle Jeff Olejnik, Director Cybersecurity Services 1 Agenda Incident Response Planning Mock Tabletop Exercise Exercise Tips

More information

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK 03 Introduction 04 Step 1: Preparing for a breach CONTENTS 08 Step

More information

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...

More information

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS Introduction The world of cybersecurity is changing. As all aspects of our lives become increasingly connected, businesses have made

More information

General Data. Protection Regulations MAY Martin Chapman Head of Ops & Sales Microminder. Presentation Micro Minder Ltd 2017

General Data. Protection Regulations MAY Martin Chapman Head of Ops & Sales Microminder. Presentation Micro Minder Ltd 2017 General Data Please note: - This legislation is untested and open to interpretation. - I am not a Privacy or Data Protection Solicitor. - Should you have any concerns or queries please seek legal advice

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please

More information

Building a Business Case for Cyber Threat Intelligence. 5Reasons Your. Organization Needs a Risk-Based 5Approach to Cybersecurity

Building a Business Case for Cyber Threat Intelligence. 5Reasons Your. Organization Needs a Risk-Based 5Approach to Cybersecurity Building a Business Case for Cyber Threat Intelligence 5Reasons Your Organization Needs a Risk-Based 5Approach to Cybersecurity 5 Reasons for a Risk-Based Approach to Cybersecurity The Bad Guys are Winning

More information

Moving from Prevention to Detection March 2017

Moving from Prevention to Detection March 2017 www.pwc.com Moving from Prevention to Detection Le Tran Hai Minh Manager Cyber Security 29 Agenda Slide Cyber Security Statistics 3 How to Stay Confidence 8 Contact 19 2 Cyber Security Statistics 3 Cyber

More information

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.

More information

GDPR Compliance. Clauses

GDPR Compliance. Clauses 1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The

More information

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 Panelists Beverly J. Jones, Esq. Senior Vice President and Chief Legal Officer ASPCA Christin S. McMeley, CIPP-US

More information

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic

More information

Why a Physical Security Policy is Integral to GDPR Compliance

Why a Physical Security Policy is Integral to GDPR Compliance Why a Physical Security Policy is Integral to GDPR Compliance Disclaimer: Nothing contained herein should be construed as legal advice. Organisations should consult legal counsel with regard to compliance

More information

ANNUAL SECURITY AWARENESS TRAINING 2012

ANNUAL SECURITY AWARENESS TRAINING 2012 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff ANNUAL SECURITY AWARENESS TRAINING 2012 NETWORK AND COMPUTER USE POLICY Users of information technology

More information

Our Data Protection Officer is Andrew Garrett, Operations Manager

Our Data Protection Officer is Andrew Garrett, Operations Manager Construction Youth Trust Privacy Notice We are committed to protecting your personal information Construction Youth Trust is committed to respecting and keeping safe any personal information you share

More information

Cyber Security. Building and assuring defence in depth

Cyber Security. Building and assuring defence in depth Cyber Security Building and assuring defence in depth The Cyber Challenge Understanding the challenge We live in an inter-connected world that brings a wealth of information to our finger tips at the speed

More information

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd Incident Response Tony Drewitt Head of Consultancy IT Governance Ltd www.itgovernance.co.uk IT Governance Ltd: GRC One-Stop-Shop Thought Leaders Specialist publisher Implementation toolkits ATO Consultants

More information

Cyber Insurance: What is your bank doing to manage risk? presented by

Cyber Insurance: What is your bank doing to manage risk? presented by Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an

More information

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: October Sponsored by Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information is easily transported outside of managed environments,

More information

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic

More information

Up in the Air: The state of cloud adoption in local government in 2016

Up in the Air: The state of cloud adoption in local government in 2016 Up in the Air: The state of cloud adoption in local government in 2016 Introduction When a Cloud First policy was announced by the Government Digital Service in 2013, the expectation was that from that

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 3 - revised September 2016 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning

More information

Smile IT Ltd Privacy Policy. Hello, we re Smile IT Ltd. We offer computer and network support to businesses and home computer users.

Smile IT Ltd Privacy Policy. Hello, we re Smile IT Ltd. We offer computer and network support to businesses and home computer users. Smile IT Ltd Privacy Policy Hello, we re Smile IT Ltd. We offer computer and network support to businesses and home computer users. At Smile IT we value our clients and we re committed to protecting your

More information

Cybersecurity and Hospitals: A Board Perspective

Cybersecurity and Hospitals: A Board Perspective Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,

More information

Red ALERT Apparent Breach of an Unidentified Pharmacy Related Database

Red ALERT Apparent Breach of an Unidentified Pharmacy Related Database Red ALERT Apparent Breach of an Unidentified Pharmacy Related Database Making the UK more resilient against Cybercrime Date: August 2017 Reference: 0449-CYB This Red Alert is issued by the United Kingdom

More information

FOREWORD DR PHILIP SMITH MBE CHAIRMAN MILTON KEYNES BUSINESS LEADERS PARTNERSHIP

FOREWORD DR PHILIP SMITH MBE CHAIRMAN MILTON KEYNES BUSINESS LEADERS PARTNERSHIP 02 FOREWORD Criminals who target businesses present a significant threat to those businesses, their customers and their clients. But the police have limited resources to tackle the problem and many incidents

More information

Jeff Wilbur VP Marketing Iconix

Jeff Wilbur VP Marketing Iconix 2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online

More information

An overview of mobile call recording for businesses

An overview of mobile call recording for businesses An overview of mobile call recording for businesses 1 3 WHY DO WE NEED MOBILE CALL RECORDING? 4 STAYING AHEAD OF THE CHANGING REGULATORY LANDSCAPE Regulatory compliance and mobile call recording FCA (Financial

More information

Electronic Communications with Citizens Guidance (Updated 5 January 2015)

Electronic Communications with Citizens Guidance (Updated 5 January 2015) Electronic Communications with Citizens Guidance (Updated 5 January 2015) Overview - Email Activities Outside Of The Scope Of The Policy And This Guidance Requests To Use Email/SMS Outside The Scope Of

More information

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response CYBER INCIDENT REPORTING GUIDANCE Industry Reporting Arrangements for Incident Response DfT Cyber Security Team CYBER@DFT.GSI.GOV.UK Introduction The Department for Transport (DfT) has produced this cyber

More information

Date Approved: Board of Directors on 7 July 2016

Date Approved: Board of Directors on 7 July 2016 Policy: Bring Your Own Device Person(s) responsible for updating the policy: Chief Executive Officer Date Approved: Board of Directors on 7 July 2016 Date of Review: Status: Every 3 years Non statutory

More information

What is the website's privacy policy?

What is the website's privacy policy? What is the website's privacy policy? BEST FRIEND LIMITED t/a The Fleece Hotel CUSTOMER PRIVACY POLICY Best Friend Limited (BF) Limited is a company registered in England and Wales (collectively referred

More information

Cyber risk Getting the boardroom focus right

Cyber risk Getting the boardroom focus right Cyber risk Getting the boardroom focus right Cyber attacks have become substantially more malicious and larger scale over last few years, causing much greater harm to organisations and elevating cyber

More information

Mobile Computing Policy

Mobile Computing Policy Mobile Computing Policy Overview and Scope 1. The purpose of this policy is to ensure that effective measures are in place to protect against the risks of using mobile computing and communication facilities..

More information

SHS Annual Information Privacy and Security Training

SHS Annual Information Privacy and Security Training SHS Annual Information Privacy and Security Training Purpose for Training Samaritan Health Services has created the following training to meet the annual regulatory requirements for education related to

More information

CURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk

CURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk CURTIS BANKS LIMITED Privacy Information Notice curtisbanks.co.uk Contents Section Page 1 Who we are 3 2 Why we need to collect, use and process personal information 3 3 The information we may collect,

More information

BIG DATA INDUSTRY PAPER

BIG DATA INDUSTRY PAPER BIG DATA INDUSTRY PAPER Encryption Key Management INFORMATION-RICH BIG DATA IS UNDER INCREASING THREAT OF THEFT AND BUSINESS DISRUPTION. AS THE NETWORKS AND TECHNOLOGIES THAT ENABLE BIG DATA COLLECTION,

More information

PTLGateway Data Breach Policy

PTLGateway Data Breach Policy 1 PTLGateway Data Breach Policy Last Updated Date: 02 March 2018 Data Breach Policy This page informs you of our policy which is to establish the goals and the vision for the breach response process. This

More information

The essential guide to creating a School Bring Your Own Device Policy. (BYOD)

The essential guide to creating a School Bring Your Own Device Policy. (BYOD) The essential guide to creating a School Bring Your Own Device Policy. (BYOD) Contents Introduction.... 3 Considerations when creating a BYOD policy.... 3 General Guidelines for use (Acceptable Use Policy)....

More information

The power management skills gap

The power management skills gap The power management skills gap Do you have the knowledge and expertise to keep energy flowing around your datacentre environment? A recent survey by Freeform Dynamics of 320 senior data centre professionals

More information

Evolution of Spear Phishing. White Paper

Evolution of Spear Phishing. White Paper Evolution of Spear Phishing White Paper Executive Summary Phishing is a well-known security threat, but few people understand the difference between phishing and spear phishing. Spear phishing is the latest

More information

Data Protection Policy

Data Protection Policy The Worshipful Company of Framework Knitters Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act 1998 (DPA) [UK] For information on this

More information

Data protection. 3 April 2018

Data protection. 3 April 2018 Data protection 3 April 2018 Policy prepared by: Ltd Approved by the Directors on: 3rd April 2018 Next review date: 31st March 2019 Data Protection Registration Number (ico.): Z2184271 Introduction Ltd

More information

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief 5 Trends That Will Impact Your IT Planning in 2012 Layered Security Executive Brief a QuinStreet Excutive Brief. 2011 Layered Security Many of the IT trends that your organization will tackle in 2012 aren

More information

GDPR Policy WECare Worldwide

GDPR Policy WECare Worldwide GDPR Policy WECare Worldwide MAY 2018 GDPR policy, WECare Worldwide WECare 1 WECare Worldwide s commitment to GDPR WECare Worldwide ( WECare ) is both a UK registered charity (1162386) and a Sri Lankan

More information

PS 176 Removable Media Policy

PS 176 Removable Media Policy PS 176 Removable Media Policy December 2013 Version 2.0 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data

More information

For our services, the data controller (the company that s responsible for your privacy), is Rent a Van 365 Limited. Registered address:

For our services, the data controller (the company that s responsible for your privacy), is Rent a Van 365 Limited. Registered address: Web Privacy Policy Rent a Van 365 Ltd is committed to protecting your personal information. This policy aims to help you to understand what information we may collect about you and how we use it. We are

More information

Privacy and Data Protection Policy

Privacy and Data Protection Policy Privacy and Data Protection Policy Introduction 1. The Ripple Pond is committed to ensuring the secure and safe management of personal data held by the Charity in relation to Beneficiaries, Staff, Trustees,

More information

Unit 2 Essentials of cyber security

Unit 2 Essentials of cyber security 2016 Suite Cambridge TECHNICALS LEVEL 2 IT Unit 2 Essentials of cyber security A/615/1352 Guided learning hours: 30 Version 1 September 2016 ocr.org.uk/it LEVEL 2 UNIT 2: Essentials of cyber security A/615/1352

More information

Enviro Technology Services Ltd Data Protection Policy

Enviro Technology Services Ltd Data Protection Policy Enviro Technology Services Ltd Data Protection Policy 1. CONTEXT AND OVERVIEW 1.1 Key details Rev 1.0 Policy prepared by: Duncan Mounsor. Approved by board on: 23/03/2016 Policy became operational on:

More information

Privacy Policy GENERAL

Privacy Policy GENERAL Privacy Policy GENERAL This document sets out what information Springhill Care Group Ltd collects from visitors, how it uses the information, how it protects the information and your rights. Springhill

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

It s still very important that you take some steps to help keep up security when you re online:

It s still very important that you take some steps to help keep up security when you re online: PRIVACY & SECURITY The protection and privacy of your personal information is a priority to us. Privacy & Security The protection and privacy of your personal information is a priority to us. This means

More information

PRIVACY NOTICE. Who is the Data Controller? Why do we use your information? What is the legal basis for this use? What information about you do we use

PRIVACY NOTICE. Who is the Data Controller? Why do we use your information? What is the legal basis for this use? What information about you do we use PRIVACY NOTICE Who is the Data Controller? Why do we use your information? What is the legal basis for this use? What information about you do we use When might we collect and use sensitive information

More information

INNOVENT LEASING LIMITED. Privacy Notice

INNOVENT LEASING LIMITED. Privacy Notice INNOVENT LEASING LIMITED Privacy Notice Table of Contents Topic Page number KEY SUMMARY 2 ABOUT US AND THIS NOTICE 3 USEFUL WORDS AND PHRASES 4 WHAT INFORMATION DO WE COLLECT? 4 WHY DO WE PROCESS YOUR

More information

The West End Community Trust Privacy Policy

The West End Community Trust Privacy Policy The West End Community Trust Privacy Policy We are committed to protecting your personal information and being transparent about what we do with it, however you interact with us. We are therefore committed

More information

Cyber Crime Update. Mark Brett Programme Director February 2016

Cyber Crime Update. Mark Brett Programme Director February 2016 Cyber Crime Update Mark Brett Programme Director February 2016 What is Cyber Crime? What are the current threats? What is the capability of local and regional Cyber Crime Investigations? What support is

More information

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat WHITE PAPER Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat Executive Summary Unfortunately, it s a foregone conclusion that no organisation is 100 percent safe

More information

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question

More information

2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.

2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee. 2017 Varonis Data Risk Report 47% of organizations have at least 1,000 sensitive files open to every employee. An Analysis of the 2016 Data Risk Assessments Conducted by Varonis Assessing the Most Vulnerable

More information

2. The Information we collect and how we use it: Individuals and Organisations: We collect and process personal data from individuals and organisation

2. The Information we collect and how we use it: Individuals and Organisations: We collect and process personal data from individuals and organisation WOSDEC: Privacy Policy West of Scotland Development Education Centre WOSDEC - (We) are committed to protecting and respecting your privacy. This policy sets out how the personal information we collect

More information

Defending Our Digital Density.

Defending Our Digital Density. New Jersey Cybersecurity & Communications Integration Cell Defending Our Digital Density. @NJCybersecurity www.cyber.nj.gov NJCCIC@cyber.nj.gov The New Jersey Cybersecurity & Communications Integration

More information

PHISHING ATTACK TARGETING UNIVERSITY STUDENTS MAY 2016

PHISHING ATTACK TARGETING UNIVERSITY STUDENTS MAY 2016 PHISHING ATTACK TARGETING UNIVERSITY STUDENTS MAY 2016 Page 1 of 5 PURPOSE OF THE ALERT The information contained within this alert is based on the reports received by Action Fraud and the National Fraud

More information

Internet of Things Toolkit for Small and Medium Businesses

Internet of Things Toolkit for Small and Medium Businesses Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors

More information

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our

More information