Cyber security is a critical issue in the 21st Century, whether operating in the public or private sector. Cyber security encompasses the protection of computer or Information Systems (IS) from accidental or intentional malevolent attack.
A strong cyber security policy is designed to protect the organisation from theft or property (either hardware or software), the theft of data and information held on systems. It should also minimise the potential harm from individuals intent on causing disruption of services, such as the introduction of viruses to the system. Finally, it endeavours to ensure clear, secure procedures which individuals employed by the company should use to prevent attack or loss of data or hardware.
In the last year there has been much discussion about data security and a recent report by Third Sector Insight magazine reported that only 14 per cent of respondents to one of their surveys considered that their charity was very well protected and over half (54 per cent) either didn't know or said their charity was not well equipped to fend off a cyber security attack. Furthermore, the Information Commissioner's Office (ICO) reported that data breach instances rose 35 per cent between Quarter 2 and Quarter 3 in 2015/2016. You can read the report by registering for free on the Third Sector website.
The National Cyber Security Centre (NCSC) has been set up to provide advice, guidance and support on cyber security. The NCSC recently issued a short document to help organisations improve their management of cyber security. The document '10 steps to Cyber Security' is available on the right hand side of this page*. The steps include developing a risk management framework, which includes three core functions:
- Producing supporting risk management policies;
- determining an organisation's risk appetite; and
- making cyber risks a priority for the Board.
ENTRUST would encourage EBs to review NCSC's guidance, which will help to mitigate the risk of a cyber attack on your organisation.
* Contains public sector information licensed under the Open Government Licence v3.0.