The National Cyber Security Centre – a part of intelligence agency GCHQ – has launched the new Funded Cyber Essentials Programme.
The offer is available free to micro or small businesses that offer legal aid services and micro or small charities that process personal data, for example those working in safeguarding such as domestic abuse charities or online chat support. Eligible organisations receive 20 hours of support to help bring in the five technical measures needed to gain Cyber Essentials certification – firewalls, secure settings, access controls, malware and software updates.
Sarah Lyons, NCSC Deputy Director for Economy and Society Resilience said: “Charities and legal aid firms do incredible work supporting vulnerable people when they need it most, and that’s why it is vital they take steps to protect sensitive data.
“The new Funded Cyber Essentials Programme is a great opportunity for small organisations to gain free assistance with putting key cyber security protections in place. I strongly encourage organisations to register so they can boost their cyber resilience and help reduce the chances of falling victim to a potentially damaging cyber attack.”
And Dr Emma Philpott MBE, pictured, CEO of the IASME Consortium which delivers the programme for UK Government, said: “The Funded Cyber Essentials programme is aimed at some of the smallest and most vulnerable organisations in the UK. It is designed to encourage and support them to implement the minimum cyber security technical controls.
“Through the programme, IASME’s network of cyber security experts are able to use their skills to help those who need support most. The programme aims to protect small charities and legal aid firms, and the sensitive data they hold, from common internet threats.”
About Cyber Essentials
A UK Government-backed certification scheme, it’s for organisations of all sizes to show cyber security to customers, service users and stakeholders. More than 31,000 Cyber Essentials and Cyber Essentials Plus certificates were issued in 2022. Visit https://www.ncsc.gov.uk/cyberessentials/overview.
Comment
Chris Vaughan, VP – Technical Account Management, EMEA at cyber firm Tanium, said: “Cyber Essentials is a fantastic initiative which has helped many organisations become more resilient against cyber attacks. The scheme is growing each year and this latest announcement will expand the help offered to two not-for-profit sectors that are regularly targeted by cyber attacks: charities and providers of legal-aid. Helping these small organisations is important because they often have low levels of resources and expertise available to combat cyber threats. I have seen attacks aimed at these types of targets in the past and it’s awful to see their good work in helping people be disrupted. Their donations are vital to keep them running, so seeing money being spent on recovering from a cyber attack like ransomware rather than being directed into the important causes that they are supporting has to be stopped.
“Cyber Essentials shines a much needed light on the prevention of cyber incidents. In recent times, too much focus has been placed on dealing with attacks after they have already breached a network rather than trying to avoid a successful attack in the first place. Preventing all attacks isn’t realistic of course, but there are a number of simple measures outlined in Cyber Essentials that can be put in place to prevent the majority of attacks from being successful. A Tanium report, “Cybersecurity: Prevention Is Better than the Cure” looks at the attitudes of UK organisations about reaching a balance between preventative and reactive measures. It found that 90 per cent of director level respondents agree that ‘the majority of cyberattacks that we have experienced within our organisation have been in some way avoidable’. It also found that 68 percent of respondents believe that a predominantly preventative approach to cybersecurity is best, whereas a primarily reactive approach is favoured by only 32 per cent. Finally, 85 per cent of respondents surveyed agreed that there is a greater cost to recover from a cybersecurity incident than to prevent one.”
