There are more than 8,000 membership organisations and associations based in the United Kingdom. Even though member sizes, sectors and resources offered may differ, they all share one thing in common: the disruption caused by a cyber-attack.

A new report warns that hybrid workplaces are creating the “perfect storm” for cybersecurity challenges, which is putting a strain on IT departments.

The report – a combination of a survey of more than 8,400 remote workers and a global survey of 1,100 IT decision makers – found that 45% of office workers purchased IT equipment to assist with remote working. However, 68% said security was not a consideration when making their purchases and almost half (43%) said they didn’t have their new devices installed, or even checked, by IT.

Unsurprisingly, this has led to more successful phishing attacks, as three quarters of IT teams said they have seen a rise in staff opening malicious links and attachments during the last year.

Forty percent of 18-24 year olds said they have fallen for a phishing email, and nearly half reported they have done so more often since working from home.

Of those who did click on a link, 70% did not report it to IT, with 24% saying it wasn’t important, 20% citing the “hassle factor”, and 12% fearing punishment.

Cybersecurity tips for your association

A report from the UK Department for Digital, Culture, Media and Sport found that 26% of charities had experienced a cyber breach or attack in 2020.

Here’s what you can do to tighten the security of your membership association:

1. System Integration

The 2021 MemberWise Digital Excellence Report said only 28% of membership bodies agreed they had all their critical systems integrated.

There are several reasons why membership organisations should integrate their systems; one of these is improved security. Membership bodies deal with sensitive information that requires special measures to ensure it is protected. By using just one system, you can easily build in the security tools that can keep hackers out. This is a lot more difficult if you have several tools and systems in use.

If you have data stored on more than one system, integrating these systems can protect your organisation’s data and keep your members protected.

2. Staff Culture and Training

60% of cyberattacks are from insiders. This means cybersecurity doesn’t start and end within the IT department. For associations to combat cyber threats, it is everyone’s responsibility to remain vigilant. Put simply, everyone who has access to a device must do their utmost to protect themselves, their colleagues and your members.

Ensure staff have the latest firewalls and spam filters installed on their devices, and that they run regular checks for computer updates.

3. Take a Strategic Approach

GDPR talks about cybersecurity measures needing to be “appropriate” to the organisational context and perceived risks, as opposed to specific monetary values.

But how can an organisation determine what an “adequate” security regime looks like? It is essential to take a strategic approach so that security remains one of an organisation’s key focuses.

A cybersecurity strategy is a high-level plan for how your organisation will secure its assets during the next three to five years. Technology and cyber threats constantly evolve, so your strategy should be under frequent review.

You should identify your key assets, identify and assess risks, and implement a security regime that reflects these identified risks. If you’re working with an outsourced IT service provider, your relationship should function like a partnership, as opposed to a supplier arrangement. There should be ongoing engagement and discussions around security to make sure they understand your unique circumstances and develop an appropriate security strategy.

What else can be done?

The figures suggest the rise in security risk is because of a combination of more sophisticated phishing attempts, the burden on IT teams and a lax approach from remote workers regarding their safety.

For hybrid working to be a success, it doesn’t just come down to the resilience of IT teams. Employees must understand their role in creating a “zero tolerance” workplace policy within an organisation.

These steps include:

  1. Phishing Awareness Training
  2. Vigilance on every email received
  3. Always hover over and check links before clicking through
  4. Check for phishing links within attachments (such as PDFs), as attackers use this technique to avoid spam filters

What organisations need is a strategic approach to security that not only protects against threats, but also reduces the impact and pressure IT teams are facing. A CTO works with an IT team to assist and develop their infrastructure. They are responsible for managing and developing the overall workflow of an organisation’s technology.

This includes reviewing security and identifying risks. An outsourced CTO has become a popular choice for organisations, as this allows for flexible working, such as full-time or part-time.

PSP has strong experience working with membership bodies, including a decade-long partnership with a major chartered institute providing CTO-level IT Management. At the start of the 2020 global pandemic, our approach allowed their 200 staff to work remotely safely and immediately, operating as productively, and securely, as they would in the office. Contact PSP for an IT consultation: [email protected]

Mark Boxall
Marketing Manager, PSP-IT Design and Development