Australia’s premier intelligence and cyber security organisation has launched a campaign to assist charities and not-for-profit organisations to protect themselves against cyber security threats.
The Australian Signals Directorate (ASD) launched its cyber security campaign on 18 March. Running until 31 March, it seeks to alert charities and not-for-profits to the risk of cyber attacks and encourages them to put appropriate security protocols in place to protect themselves.
The ASD says cyber security is an essential consideration for charities and not-for-profits of all sizes due to a continued nationwide increase in the frequency and cost of cyber attacks to Australian organisations. It says these organisations can be particularly vulnerable because they have insufficient resources to put in place robust security measures.
The effects of a cyber attack can be costly, the ASD says, and can lead to the loss of sensitive and valuable information, service disruptions, unauthorised alterations to systems, and reputational damage.
The agency is therefore recommending that these organisations view its advice for them on www.cyber.gov.au, and complete the cyber security checklist. The checklist includes steps to help charities and not-for-profits improve their cyber security posture and cyber hygiene practices.
It also recommends that charities and not-for-profits join ASD’s Cyber Security Partnership Program as a network partner to receive the latest cyber security insights and access to the experience, skills and capabilities of other Australian organisations.
The ASD’s key messages for the campaign include:
- A reminder to charities and not-for-profits to take action to secure their sensitive information and systems online to reduce the risk of a cyber incident.
- Cyber threats are increasing, with a cyber crime now reported every six minutes on average.
- Charities and not-for-profits of any size can fall victim to a cyber incident.
- ASD provides cyber security advice and best-practice guidance to help Australian organisations, including charities and not-for-profits, mitigate cyber risks and recover from incidents.
- The latest cyber security insights and access to the experience, skills and capabilities of other Australian organisations are available free by joining the ASD Cyber Security Partnership Program.
- Supporting the campaign by sharing resources for charities and not-for-profits with their staff and relevant stakeholders in their networks, including the article and case studies.
- All cyber incidents should be reported through the Report Cyber portal at cyber.gov.au/report, or by calling the Australian Cyber Security Hotline on 1300 292 371 for assistance. The ASD also asks participating organisations to help raise awareness of the campaign theme by sharing the Cyber Security for Charities and Not-for-Profits messaging and materials through social media posts and on LinkedIn, and use the hashtags #CyberSafetyForCharities, #CyberSecureNonprofits and #CyberSecurityForNFPs.
The CEO of Canberra-based IT management services company OPC Clinton Henderson said the two-week campaign is really a drive from ASD designed to get not-for-profits to meet minimum standards.
“It’s your multi-factor authentications, your strong passwords, your patching of devices and applications,” he told Region. “It’s really a minimum standard that every not-for-profit should be at, whether they’re one seat or 400 seats.”
OPC has a number of not-for-profit clients and has helped them to manage their own cyber-resilience.
“For our not-for-profits, all of them don’t just meet minimum standards,” Henderson said. “We’ve gone over and above that with additional security, end point hardening as an example, running table top exercises and educating users.”
Henderson praised the idea of ASD’s partnership program, although he agreed that it might be a little daunting for a small organisation looking to partner with what has traditionally been seen as a senior intelligence agency.
“They can take it as advice and someone to call upon. If they don’t have a provider like OPC, they know that they can rely on and go somewhere for those questions. It gives them the opportunity to go, ‘I’m not sure, is this malicious?’, it gives them that avenue.
“For our clients we’re sending out constant updates to say that, ‘this is a known issue, please be aware of this’,” he added. “We’re getting in front of that, whereas if it’s a small not-for-profit that has no managed provider and they’re trying to do it alone, then I think the ASD partner program will be beneficial.
“The not-for-profit community in Canberra is very good at sharing information, they all know each other and they all talk to each other, so in pushing this out to one or two not-for-profit, they will share it amongst themselves.”