Cyber security expert Nick Holden addresses an audience of charities and not-for-profits bodies at seminar organised by Liverpool accountancy firm BWM. Tony McDonough reports
It isn’t software or hardware that poses the biggest cyber security threat to charities – it is people or ‘pinkware’.
That was the message delivered to an audience of charities by security expert Nick Holden at an event in Liverpool organised by accountancy firm BWM which has many clients in the not-for-profit sector.
Mr Holden is from Knowsley-based NexusProtect and he told those present at the seminar that it was the people in an organisation where the biggest security weaknesses lay. He said: “That is what I mean by pinkware – it is the people who work for you.
“Many small charities, in particular, lack the resources or skill set to have people specially trained in this area and that makes them vulnerable. That is where we have seen the bigger risk of cybercrime.”
He explained that fraudsters using malware such as viruses or phishing (nefarious links embedded in emails) often did not target organisations specifically but used software to cast out a general net and expose vulnerabilities.
“That is how the NHS was exposed a couple of years ago,” said Mr Holden. “They weren’t directly targeted. Other organisations around the world were also hit at the same time.”
Mr Holden added: “The biggest scams right now are carried out by phishing via emails. It used to be an attachment people were asked to click on but now they are getting smarter. Often the link can be hidden in the ‘unsubscribe’ button.
“The rule is always, if you are not expecting it and you are unsure of where it has come from, then don’t click on it just delete it.”
Other vulnerabilities, he said, came when people were careless with passwords or through mobile devices which offered access to organisation systems. Disgruntled employees also posed a threat, he added.
“You have to be careful how you set up your logins. Everybody needs to have a separate profile on the system,” he explained.
He also talked about physical vulnerabilities where it was too easy to gain access to a building and then to sensitive data inside. He gave an example where they tested one client’s security and said they were able to easily gain access via a side door where people came out to smoke.
Charities often hold data about services users. They are often vulnerable people and so the information held can be of a very sensitive nature. GDPR regulations around data protection, introduced a year ago, tightened up the law around data protection and organisations can face hefty penalties if they guilty of a breach.
“Breaches of data protection under the tighter GDPR regulations can not only lead to fines but also leave your organisation open to civil action and reputational damage,” he said.
BWM holds regular charity update seminars throughout the year to updating its clients on tax and regulatory changes within the sector as well as speakers on subjects of interests to charities.
Also addressing the event was Peter Cumings of Wirral -based Tender Management Community Services, a business that helps not-for-profit organisations to win tenders and commissions and has so far helped generate £550m in contract wins for the sector.
He told the audience that securing public sector contracts was becoming increasingly competitive and that providers were being challenged by the combined effects of pressure on public sector budgets and increasing demand for services.
These were the factors, he added, that were compelling providers to develop innovative service solutions that helped make resources go further.
Mr Cumings explained: “If you want to compete and secure the contracts that are key to your organisation’s sustainability then you are going to have to step up to the challenge of delivering high quality services, that reach more people and have greater impact and to do so within restricted funding resources.”