NCVO Risk
Webinar Series
in partnership with Zurich
Beyond Cyber Essentials
Arunava Banerjee
Cyber Risk Consultant
Zurich Workforce Strategies
This deck is the property of Zurich and should not
be reproduced or copied.
©Zurich
INTERNAL USE ONLY 3
“Nothing vast enters the life of mortals without a curse.”
― Sophocles
NCVO Risk Webinar Series: Data and Security
Agenda
01 Cyber Risk
02 Cyber Risk Mitigation
03 Cyber Essentials
04 Beyond Cyber Essentials
05 Role of Senior Management
06 Q&A and Discussion
01 Cyber Risks
Perception and Reality
In 2019, the Department for Digital, Culture, Media and Sport (DCMS) found that over 44% of charities aren’t protecting themselves from cyber attacks because they simply don’t see themselves as being at risk.
DCMS Cyber Security Breaches Survey 2019
58% of charities think cybercrime is a major risk to the charity sector
Preventing Charity Cybercrime Insights + Action 2019 by Charity Commission for England and Wales
This year, 26% of charities reported a cyber breach.
DCMS Cyber Security Breach Survey 2020
“Charities are not immune to cyber crime. Perpetrators do not distinguish between their
victims and charities are as likely to be targeted as private firms or the general public.”
Helen Stephenson Chief Executive, Charity Commission for England and Wales
01 2019 Cyber Incidents for Charities
01 Takeaway Question 1
1. Are you giving enough attention to identify cyber risks for your charity?
61% of charities have taken at least some action to identify cyber risks.
DCMS, Cyber Breach Report 2020
01 Why and Who?
Threat Vectors
Why?
• Fund
• Data: Personal, Financial, Commercial
• Intellectual Properties
Who?
• Cyber Criminals
• Insider (Malicious & Honest)
• Nation State
01 How?
Cyber Threats
• Phishing
• Business Email Compromise
• DDoS
• Malware/Ransomware
• Insider Threats
• Fake Charities, Websites, Rating
• Supply Chain Attack
01 Takeaway Question 2
2. Are you aware of all the key dependencies on your supply chain and their cyber maturity?
02 Cyber Risk Mitigation
Controls: Take a proportionate approach
A systematic way to apply controls is to use a cyber framework:
• NCSC Small Charity Guide
• NCSC 10 Steps to Cyber Security
• NCSC Cyber Assessment Framework
• NIST Cybersecurity Framework
• ISO 27001: 2013
• SANS Top 20
Some Independent Review & Certification
• ISO 27001: 2013
• NIST
• Cyber Essentials
• Cyber Essentials Plus
02 Takeaway Question 3
3. Are you aware of HM Government’s Cyber Essential Certification?
Only 13% of charities are aware of Cyber Essentials and only 16% have heard of Small charity guide
DCMS, Cyber Breach Report 2020
03 Cyber Essentials
A basic cyber maturity certification backed by HM Government
• Helps organisations protect themselves against common internet-borne cyber threats.
• Launched in June 2014 and suitable for organisations of any size and in any sector.
Assessment covers 5 technical control themes
1. Boundary firewalls and Internet Gateway
2. Secure Configuration
3. User Access Control
4. Malware Protection
5. Patch Management
Two levels of certification
1. Cyber Essentials: Self-Assessment
2. Cyber Essentials Plus: Self-Assessment and hands-on technical verification (Vulnerability Scans) of internet-facing infrastructure/systems
03 Cyber Essentials Benefits
First step in the right direction
• Helps protect against common internet-borne cyber attacks
• Demonstrates good cyber security practice
• Provides reassurance to customers, donors, volunteers, vendors, trustees, insurance supplier and other stakeholders
• Attracts new donors
• Enables you to bid for government contracts
• UK-domiciled organisations with turnovers of less than £20 million achieving either certification are now automatically entitled to cyber liability insurance cover with a £25,000 limit.
Cyber Insurance Details: https://iasme.co.uk/cyber-essentials/cyber-liability-insurance/
03 Takeaway Question 4
4. Were you aware of the free cyber insurance option with CE Certification?
However, before considering any cyber insurance, you can help protect your organisation by ensuring you have fundamental cyber security safeguards in place, such as those certified by Cyber Essentials, or Cyber Essentials Plus.
NCSC Cyber Insurance Guidance
04 Is it enough, if not then what's next?
CE is not a destination, but the beginning of a journey
Tech Talk
• Identify & Backup of Critical Asset
• Use sensible password policy
• Apply Technical Protective Controls
• Secure mobile devices
• Apply Encryption
• Cyber and Information Governance Awareness
• Mitigate Supply Chain Risk
• Have some response capability in place
04 Beyond Cyber Essentials
Identify and Backup Crown Jewels
Identify critical assets: Crown Jewels
• Sensitive Data
• Fund
• Official Website
• Business Applications
• Intellectual Properties
Apply regular backup
Test your backup restoration
Ensure backup is in a separate location from the main asset
04 Takeaway Question 5
5. What are the top 3 systems which can be considered as your crown jewels?
04 Beyond Cyber Essentials
Longer is stronger
• Apply Password/PIN to all devices and applications
• Apply a sensible password
• Enable MFA wherever available
• MFA for VPN/Remote Access
• Disable default passwords
04 Beyond Cyber Essentials
Patching is closest to a silver bullet in cyber security
• Separate Admin and Standard Accounts
• No email or internet for admins
• Firewall with blocked default admin account, unused ports
• Anti-malware in all systems scanning automatically and updating regularly
• Up-to-Date OS/Software Regular Patching
• Block USB
04 Beyond Cyber Essentials
Smart Phones and Tablets are the new normal for business
• Apply Pin/Password/Fingerprint/Facial Recognition
• Configure remote tracking
• Automatic updates
• No connection to public WIFI
• Encrypt data and device
04 Beyond Cyber Essentials
Protect your sensitive data with encryption
• Encrypt mobile devices
• Encrypt data in transit, especially emails with sensitive information
• Make sure your business website is encrypted
04 Beyond Cyber Essentials
9 out of 10 data breaches reported to the ICO in 2019 were due to user mistakes
Create a Cyber Aware workforce
Make users aware of:
• Security Policies like Password, Email
• HR Policies
• Acceptable Use Policy
Help users understand how to spot a phishing email
Encourage them to report breaches without promoting any blame culture
04 Takeaway Question 6
6. Are your users aware of what to do if they send an email with sensitive information to a wrong recipient by mistake?
04 Beyond Cyber Essentials
Suppliers Risk Mitigation
• List your suppliers, vendors, service providers and anyone who has access to your systems and data
• Check how they access your environment
• Take measures to apply proportionate controls
• Check if your supply chain is taking cyber and information governance seriously
• Ask for security certification
04 Takeaway Question 7
7. How many members of your supply chain have Cyber Essentials or similar cyber certification?
04 Beyond Cyber Essentials
Not “whether” but “when”
• Have a Cyber Incident Response Plan in place
• Fire drills: Exercise those plans
• Lesson learnt
04 Takeaway Question 8
8. Do you know whom to get in touch with if tomorrow you face a ransomware attack?
05 Role of Senior Management
• At least one person responsible/answerable for cyber governance
• Ensure cyber risks are captured as part of business risk
• Ensure senior management support and regular agenda in board discussion
• Participate in incident response exercises.
DCMS Cyber Security Breaches Survey 2020
05 Takeaway Question 9
9. Is cyber high priority for your senior management?
Q&A and Discussion
Thank you for your time
Arunava Banerjee
Cyber Risk Consultant
Zurich Insurance PLC
Email: Arunava.Banerjee@uk.zurich.com
Mobile: +44 (0) 7875885387
Please use the QR code or link to the right to select one of the two charities
and Zurich Community Trust will donate £24,000, divided according to the number of tokens
(or votes) each charity receives throughout our 2020 calendar of events.
You decide!
Vote Now! Which charity will you choose?
Since 1973 Zurich Community Trust has donated over £90 million to
charitable organisations across the UK and overseas.
Who decides how the donations are split?
Zurich Municipal continues to work with Zurich Community Trust, Zurich’s UK charitable arm
in the UK, by supporting two charity partners Dementia UK and Place2Be.
With Covid-19, the Trust has increased its support to help them through difficult times as
demand for their services has increased whilst income is falling.
Dementia UK provides specialist support for families through their Admiral Nurse service and
children’s mental health charity, Place2Be, works in schools with pupils, their families and staff.
Thank you for your support.
bit.ly/3bX4CR6
