Joseph Blass is the CEO of WorkPlaceLive. Previously he founded Toucan Telecom and led the management team in the sale of the business to Pipex Plc where he concluded its successful onward sale to Tiscali in 2007. Joseph also managed the turn-around of a WiMax business, and managed an AIM listed payment processing company.
Many charities are vulnerable to break-ins, theft of hardware and security breaches because they lack the money and resources for a reasonable level of protection – or because the protection provided is insufficient to keep determined burglars out.
In November 2015, The Register reported a burglary at the London offices of children’s charity Plan UK, which resulted in the theft of five servers.
According to The Register, the charity said that although “the likely motive was to steal the equipment itself, rather than the data … we cannot escape the fact that personal information is also stored on the servers”. The information included “supporter names, addresses, emails, as well as bank account and sort code numbers”. The charity asked its supporters to be vigilant in case attempts were made to defraud them.
The cost of inadequate security
Earlier in the year, a report by accountants firm Hawsons highlighted data security problems faced by charities. The warning came with advice that the Information Commissioner’s Office (ICO) can issue fines of up to £500,000 for inadequate protection of data.
Hawsons cited The British Pregnancy Advice Service and Norwood Ravenswood, fined £200,000 and £70,000 respectively for not taking care of personal data. In addition, the ICO issued enforcement notices to Wheelbase Motor Project and Asperger’s Children & Carers Together, after they lost unencrypted hard drives.
The firm pointed out that security breaches “can be very disruptive, take up a lot of management time and cause damage to reputations”. It urged charities and non profits to improve their data security as well as the physical security of their hardware and backups.
Recycling unwanted hardware
Computer Weekly’s headline “Avoiding security issues when recycling hardware” touched on other issues, such as staff being given old, unwanted computers whose hard drives had not been wiped sufficiently to destroy data on them.
In some cases the drives had simply been reloaded with the computer’s operating system, under the mistaken impression that all data would be destroyed in the process. Not so, Computer Weekly pointed out: “All this process does is remove the links to the previously saved files, which can be easily found using data recovery software”
Beware hackers – and hacktivists
Another risk charities faced in 2015 – and will continue to face – comes from hackers. A headline on The Civil Society’s website warned: “Hackers are a ‘particular threat’ to the charity sector”.
That was because they might disagree with a charity’s objectives and attack its security systems as ‘hacktivists’ – or mistake one charity for another. The Royal British Legion’s website had been hacked because it has been mistaken as being “part of the Ministry of Defence”, the Legion said.
Further information
Learn more about how charities can upgrade all aspects of their security – without breaking the bank – in our How To on Knowhow.
Data privacy and security for leaders
Find out how to manage the risks of your organisation’s data management in our Annual Conference workshop AM2 ‘Data Privacy and security for leaders’.
Posts written by guests who have contributed to NCVO projects and events. 
