When it comes to charitable cybersecurity, the solution we think of most often is “antivirus”. In Charity Digital’s latest investigation with the National Cyber Security Center (NCSC), “antivirus” was by far the cybersecurity software that charities were most familiar with: 82% of charities said they were aware of it, compared to only 20% who said they understood patch management.
But protecting your devices and networks is about more than antivirus software, and our hardware should protect us just as much. Yet material security is something the charitable sector struggles to keep up with.
For example, according to a 2022 report of the Digital, Culture, Media and Sports Departmenta third of association employees are not confident they can perform basic tasks such as configuring firewalls.
In comparison, in large companies, only 5% of digital leads lack confidence and the proportion is 12% among those working in the public sector.
Installing a firewall on your devices is an essential part of “hardware security” and another example of the importance of understanding the technology you use. Only then can you know how it will protect your charity.
In this article, we look at other ways charities can ensure their technology protects them against cyber threats and the role of hardware in cybersecurity.
What is hardware security?
In its simplest form, physical security means protection by physical devices or operations rather than software such as antivirus.
This can be a device that monitors network traffic, such as the aforementioned firewall, or something that scans employee endpoints to detect vulnerabilities in their systems (for example, to check whether their system has the latest security updates).
According to the computer company Spicesmaterial security”is particularly necessary because attacks targeting IT as well as non-IT connected devices such as machine to machine (M2M) or Internet of Things (IoT) environments are becoming more prevalent as their adoption increases.”
How can I be sure my technology is protecting me?
Here are three key hardware security tips charities can follow to ensure their technology protects them.
Control who has access to what
Access control is an important element of cybersecurity, so much so that it is one of the basic elements of the Cyber Essential Certification.
Access control means regulating who can see or use your resources at any given time. A study showed that more than a fifth of cyberattacks come from people within an organization, either through negligence or intentionally. By creating accounts on your devices with different levels of access, charities can reduce this risk.
For example, if an employee has an administrator account, they can control which apps are downloaded to ensure that each app is legitimate and has a clear purpose within your charity.
With more charitable employees working remotely more often, access control is a great example of how your hardware can protect you from cyber threats.
Charities can be confident that the devices their employees or service users use have adequate security and do not leave the organization itself or its employees vulnerable to cyberattacks.
Always update your systems
When updates are recommended for your laptop or computer, it’s largely because there’s a bug they’ve fixed – it’s called the patch. Without these updates, cybercriminals can exploit every vulnerability in your systems and hardware. The patches prevent them from passing.
The NCSC calls this ‘vulnerability management‘. He notes that while updating everything as soon as possible is the ideal practice, it can be difficult. There are barriers to regularly updating your systems when needed, such as feature changes, costs, and potentially reduced compatibility between applications and the updated operating system.
But, as the NCSC points out, “It’s better to start small and grow than to feel overwhelmed and do nothing.”
Charities should regularly assess vulnerabilities, or even implement a special “patch day,” during which all employees must apply their security upgrades.
If necessary, charities can prioritize updates based on which are most important, but by setting a specific deadline for when they should be done, employees can prepare for any time lost during the update. up to date.
The charity’s IT staff can also use the deadline to monitor who has applied updates and remind anyone who hasn’t yet done so.
Check security specifications when buying new technology
While most modern devices, whether smartphones or laptops, are considered secure enough for almost all users, it is also important for charities to consider their security needs when purchasing new technology.
Budget, accessibility and app support may come first, but security should never be too far from our minds. Organizations should always prioritize the people intended to use the technology. If they have trouble using it, they may switch to another less secure device to complete their work.
If they can use the technology you provide them effectively, they won’t have to, and you can monitor threats much more easily.
CNSC outlines six key steps when deciding which devices you should use with security in mind. They are:
- Evaluate which operating systems support the software features and applications your users need to use to get their jobs done
- Decide which device manufacturer(s) can meet your organization’s security requirements, as described above
- Decide which device types have the performance and hardware features your users need, and within your budget
- Pilot devices before deploying them at scale to ensure that you have covered all aspects of device selection that are relevant to your organization
- Select the device(s) that best suits your business needs and budget
- Develop a strategy for updating your list of approved devices