This training uses resources and training developed and supplied with consent from the National Cyber Security Centre (NCSC) and the National Association for Voluntary Community Action (NAVCA)
Who is this training for?
For individuals linked to community and voluntary groups and small charities
What will you learn?
A briefing for charities and community groups covering what your group should be aware of and where to find support and resources to keep everyone’s information safe.
How long is the training video?
16 mins
The Support Cambridgeshire On-Demand Training portal updates your knowledge base around charity and community sector know-how. It is free to access whenever every you want. Fill in the form, press send, and you be sent the link to browse at your leisure, don’t forget to save the link so you can return it as many times as you want!
https://supportcambridgeshire.org.uk/new/wp-content/uploads/2023/01/On-Demand-Training-image.jpg684845Costanza Dragohttps://supportcambridgeshire.org.uk/new/wp-content/uploads/2023/09/support-cambs.svgCostanza Drago2024-10-29 09:38:292024-10-29 09:38:29New on-Demand training – Cyber security for small charities
NHS Cambridgeshire & Peterborough want to better support local people by giving them greater digital or online access to healthcare information, options, and services.
We are at the early stages of creating a digital/ online solution that is accessible and easy to use. Something that would offer you personalised support to get the healthcare you need, when you need it.
You will still be able to access care through traditional means (in person and over the phone) and we are keen that any digital solution helps enhance your health service experience.
Please help us understand what works well for you now and what would improve your experience. Your feedback will help shape how we improve digital access to healthcare in the future.
https://supportcambridgeshire.org.uk/new/wp-content/uploads/2022/06/SC-standard-image-7.jpg684845Costanza Dragohttps://supportcambridgeshire.org.uk/new/wp-content/uploads/2023/09/support-cambs.svgCostanza Drago2024-10-29 08:34:292024-11-01 15:06:13How do you want to access healthcare online
Hello and welcome to this recording from Support Cambridgeshire, a partnership of Cambridge CVS and Hunts Forum. This is one of several recordings we have developed to support small charities.
To accompany the recording there are guidance links, available at the end of the transcript which will provide you with any materials or links we mention.
Slide 2
What we’ll cover:
This training uses resources and training developed and supplied with consent from the National Cyber Security Centre (NCSC) and the National Association for Voluntary Community Action (NAVCA)
During this short introduction, we will cover:
Awareness of NCSC
Why Cyber security is important
What you and your group should be aware of and looking out for when it comes to cyber attacks
Where can you access support and resources for you and your group for free
This on-demand training is aimed at individuals linked to community and voluntary groups and small charities, the goal is to encourage you to consider your cyber security position.
Slide 3
Awareness of the NCSC
Who are the National Cyber Security Centre?
The National Cyber Security Centre or NCSC are formally a part of GCHQ, one of the 3 main UK intelligence agencies. The NCSC mission is to help make the UK the safest place to live and work online. The NCSC provides key and up-to-date guidance for charities which are free to use. Their website is a one-stop shop for any of your cyber questions. You can contact the NCSC via their enquiries page. There is a helpful link from Charity Digital article; An A-Z glossary of cybersecurity terms and definitions
Slide 4
What is a cyberattack?
A cyber attack is considered any malicious attempt to damage, disrupt or gain unauthorized access to computer systems, IT networks or devices (such as laptops, phones and tablets). Specifically without your knowledge and permission.
Recent cyber attacks have made news headlines; in June 2024 the NHS was attacked and several GP surgeries and hospitals were affected causing serious disruption. The British Library were also victim of a cyber attack in October 2023.
Slide 5
What is Cybersecurity?
In the opposite way Cyber security is the actions you take to protect your systems and devices from such an attack. By protecting your systems sufficiently, you stand a significantly stronger chance of keeping your systems and charity safe from an attack. Just as the internet is a fundamental part of life in keeping your charity running and accessible to all, so is your cyber-security.
Slide 6
Why are Charities and groups at risk?
Charities hold funds (often electronically), personal, financial and commercial data of interest to individuals and often of monetary value to a criminal. Often this data is sensitive, valuable and vulnerable to attack. Think about how your supporters would feel if their data was taken from your systems.
The Impact of a cyber-attack can range from missing data, stopping your operations temporarily or permanently, costs of a breach or lost revenue including the time taken to recover, and finally the reputation of your charity.
A Cumbria-based community charity, The Milom Network Centre, which supports local people with its food pantry, second-hand furniture sales and educational programmes, lost all of its charitable funds in May 2024 when it fell victim to fraud. Scammers emptied its entire bank account. Before the bank agreed to the refund the charity, they faced the very real fear of closure.
Slide 7
Who could attack a charity?
Cyber Criminals might attack a charity. This can be either untargeted or targeted. No matter which way it is, it’s usually always for financial gain. There is no information to say charities are specifically targeted over other sectors. However we know criminals scan the internet for organisations that have weak security defences.
If you think about an opportunistic burglar walking down street looking for properties with open windows. The burglar or cyber criminal won’t care if those windows belong to a small or large charity. It’s not just ransomware. Criminals can steal money through other routes like pretending, to be a supplier and asking for urgent payment on an invoice.
Nation States; There is currently no evidence of nation states targeting the charity sector but it is possible to be caught up in un-targeted attack by a nation state.
Lastly the Insider threat. And by that I mean a member of staff, volunteer, or trustee that’s working in the charity. The overwhelming majority of cyber incidents caused by insiders are accidental. However they can still have a significant impact on the operation of the charity. Its really important for charities not to foster a culture of blame for accidental ‘insider’ cyber incidents. It is so easy to make a mistake whether it’s clicking on a suspicious link or opening an attachment which could unleash a virus. The important thing is that staff feel that they can report without fear of repercussions. That way IT can be up and running quicker and data recovered faster.
But there could be a chance that the insider threat could be on purpose. Perhaps a member of staff is disgruntled or a trustee feels they have been ignored.
All these threats, whether targeted or untargeted, accidental or on purpose, can be mitigated by using some key cyber security approaches.
Slide 8
How are charities being attacked?
Ransomware is a type of malware that makes data or systems unusable until the victim makes a payment. Typically, the data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible. Following the initial ransomware attack, those responsible will usually send a ransom note demanding payment to recover the data. Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you pay. There is no guarantee that you will get access to your data or computer. Ransomware attacks can have a devastating impact on organisations, with victims spending significant amounts of time and money to reinstate critical services. Often skills need to be bought in from elsewhere. Replacing or upgrading expensive IT equipment is also often required.
The British Library and NHS cyber attacks I referred to earlier were Ransomware attacks.
Malware is malicious software that is designed to interfere with a computer’s normal functioning and that can be used to obtain information and commit cybercrimes.
Phishing is where untargeted, mass emails are sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website. Most of us have heard about not opening suspicious looking attachments or weblinks, but these attacks do still regularly happen. Criminal groups will use charity branding or logos to make the emails look more legitimate, these can be obtained from websites or a simple google search.
A couple of examples on the slide. In May 2024 Companies House sent out an email warning of scam letters being sent out claiming to be from Companies House, the letters claimed that the recipient needed to make payment for Enhanced Web Filing Access.
In June 2024 we at CCVS posted on LinkedIn that we had been made aware by the Cambridge City Council of a fraudulent message aimed at Homes for Ukraine visa holders that was circulating online. The message falsely claimed to be from the Home Office and requested personal data.
Slide 9
What can you do to protect your charity?
What can you do to protect your data?
We will look at each area in a little more detail.
Backing up your data
Protecting against malware
Keeping devices secure
Create strong passwords
Defend against phishing
Slide 10
What can you do to protect your charity?
1. Back up your data
Backing up your data is your vital first step in your cyber security strategy. You must ensure not only that your charity is taking regular back-ups of important data but test that they can also be restored. This will reduce the inconvenience of any data loss from theft, fire, other physical damage or ransomware.
Identify what needs to be backed up. Usually, this includes documents, emails, contacts, legal information, calendars, financial records and supporter or beneficiary databases.
Ensure the device containing your backup is not permanently connected to your network either physically or over a local network.
Consider backing up to the cloud. This means your data is stored in a separate location (away from your offices/devices), and you’ll also be able to access it quickly, from anywhere. Link to Cloud security guidance from the NCSC is on the slide.
Slide 11
What can you do to protect your charity?
2. Protect against malware
Protecting your charity against malware (which is malicious software including viruses) doesn’t have to pricey or complicated, I have listed a few low cost and simple options on the slide
Use antivirus software on all computers and laptops. Only install approved software on tablets and smartphones, and prevent users from downloading third party apps from unknown sources.
Patch all software and firmware by promptly applying the latest software updates provided by manufacturers and vendors. Use ‘automatically update’ options where available.
Control access to removable media such as SD cards and USB sticks. Consider disabling ports, or limiting access to sanctioned media. Encourage staff to transfer files via email or cloud storage instead.
Switch on your firewall (included with most operating systems) to create a buffer zone between your network and the Internet.
There is a link on the slide to smartphone and device security guidance from NCSC
Slide 12
What can you do to protect your charity?
3. Keep Devices secure
Smartphones and tablets (which are used outside the safety of the office and home) need even more protection than ‘desktop’ equipment.
Switch on PIN/password protection/fingerprint and face recognition for mobile devices.
Configure devices so that when lost or stolen they can be tracked, remotely wiped or remotely locked.
Keep your devices (and all installed apps) up to date, using the ‘automatically update’ option if available.
When sending sensitive data, don’t connect to public Wi-Fi hotspots – use 3G or 4G connections (including tethering and wireless dongles) or use VPN’s.
Replace devices that are no longer supported by manufacturers with up-to-date alternatives.
There is a link to a NCSC blog post about mobile device management software on the slide
Slide 13
What can you do to protect your charity?
4. Creating strong passwords
Passwords – when implemented correctly – are a free, easy and effective way to prevent unauthorized people from accessing your devices and data.
Make sure all laptops, MACs and PC’s use encryption products that require a password to boot. Switch on password/PIN protection or fingerprint and face recognition for mobile devices.
Use two-factor authentication (2FA) for important websites like banking and email if you are given the option. Two factor authentication requires using a password and one other form of protection like a finger print, face recognition, pin or text message
Avoid using predictable passwords (such as family and pet names). Avoid the most common passwords that criminals can guess (like passw0rd).
Do not enforce regular password changes: they only need to be changed when you suspect a compromise.
Change the manufacturers’ default passwords that devices are issued with, before they are distributed to staff.
Provide secure storage so staff can write down passwords and keep them safe (but not with the device). Ensure staff can reset their own passwords, easily.
Consider using a password manager. And if you do use one, make sure that the ‘master’ password (that provides access to all your other passwords) is a strong one.
Links to further information and resources from the NCSC are on the slide
Slide 14
What can you do to protect your charity?
5. Defend against phishing
Phishing attacks are when scammers send fake emails asking for sensitive information (such as bank details), or the emails include links to bad websites and the emails encourage you to click on the links. To defend your charity against phishing attacks you can:
Ensure staff don’t browse the web or check emails from an account with Administrator privileges. This will reduce the impact of successful phishing attacks.
Scan for malware and change passwords as soon as possible if you suspect a successful attack has occurred. Don’t punish staff if they get caught out (it discourages people from reporting in the future).
Check for obvious signs of phishing, like poor spelling and grammar, or low quality versions of recognisable logos. Does the sender’s email address look legitimate, or is it trying to mimic someone you know? This is challenging as emails are increasingly sophisticated
Link on the slide is to 5 top tips to avoiding phishing attacks from NCSC
Slide 15
What to do if you are a victim of a cyber attack?
Despite your best efforts, cyber attacks can happen and if you think your charity has been the victim of a cyber attack – an online fraud, scams or extortion, you should report this through the action fraud website, there is a link on the slide.
You must report certain incidents that you’re legally obliged to report to the Information Commissioner’s Office (ICO) regardless of whether your IT is outsourced. This includes a personal data breach under the GDPR or the Data Protection Act.
You will also have to report it as a serious incident to the Charity Commission through the Charity Commission (England and Wales) website.
Reporting incidents will demonstrate that you have taken responsible action to identify problems within your charity. It also helps the Commission to gauge threats that may affect the wider sector and to take steps to address these with targeted advice and guidance.
If you are not sure if you have been attacked or need further advice, you can contact the NCSC enquiries.
Slide 16
NCSC Resources
The NCSC has produced a number of tools called the Active Cyber Defence tools or ACD. These are offered to organisations across certain sectors including charities for free. There are 3 tools which are worth looking into for your charity. They are Mail and web check and Early Warning.
Slide 17
NCSC Resources and guidance
The NCSC also has a lot of free resources including guides, support and advice. On the slide are a few resources that are useful to smaller charities in particular.
Small charity guide
Infographics: these are useful if your team has any specific questions or wants to learn more. They are available on the NCSC website and can be downloaded and printed.
E learning courses: this includes “top tips for staff”. The training can be completed online or downloaded and built into your own training platform. It takes less than 30 minutes to complete and is deliberately non-technical. This training is aimed at small organisations so some of the terminology is not aimed at charities but it is a useful resource for colleagues who may like some basic cyber skills.
Slide18
The Future
The future. Technology is constantly developing at an ever-increasing pace, with policy, legislation, and security furiously trying to play catch up. Plans for future legislation have again been amended with a new labour Government elected in July 2024.
AI briefly appears on the agenda but the focus appears to be on data protection matters and privacy rights.
We plan to update this training transcript with any relevant updates
We hope that this training has been of assistance in increasing your awareness of what is cyber security, who is the National Security Council and how you can protect yourself and your charity from possible cyber-attacks. Please do reach out to us directly with any further support needs and do check out our website for further training resources.
https://supportcambridgeshire.org.uk/new/wp-content/uploads/2023/01/cover-1a.jpg600900Karen Cannhttps://supportcambridgeshire.org.uk/new/wp-content/uploads/2023/09/support-cambs.svgKaren Cann2024-10-28 14:56:562024-10-28 14:56:56Cybersecurity for Small Charities
GET stands for Guidance, Employment and Training and was formed in 1989 with a mission to provide an ‘umbrella’ Infrastructure Group for the adult skills not-for-profit sector of Cambridgeshire.
Over the years membership has grown significantly, becoming more fluid and diverse. It includes voluntary, community and social enterprise organisations (VCSE), statutory bodies, private sector providers and individuals.
The GET Group meet 4 times a year. Speakers are invited to attend and share relevant organisational updates and information, we often have funding updates to share and update on as well.
We are excited to announce the return of the GET Group conference on Wednesday 5th March 2025, taking place online. We will be discussing how the voluntary sector can work with organisations offering guidance, education and training. We will also look at how we might put on some supporting training in that same week.
In the past GET ran an in-person celebration event where learners were able to tell their story. As we are now a truly county wide organisation we want to continue this idea but enable people from across Cambridgeshire to contribute. This means we want you to break out your phones and make short videos (a maximum of 2 minutes) that introduce your organisation, and that gets your learners to tell their stories. You can do more than one if you have a number of learner stories but we do suggest you keep them short. We will then arrange for you to submit the videos to us along with a permission form so that we can share these on the GET website and across social media. We will look to show some of these at the event on the 5th March but we will highlight them across that week. We are looking forward to celebrating our groups and organisations’ adult learners, so if you have an adult learner with a story to share and celebrate, please do get in touch with Jigna: jigna@cambridgecvs.org.uk
https://supportcambridgeshire.org.uk/new/wp-content/uploads/2023/10/Staff-Blog-1.jpg684845Karen Cannhttps://supportcambridgeshire.org.uk/new/wp-content/uploads/2023/09/support-cambs.svgKaren Cann2024-10-17 12:08:032024-10-17 14:13:56GET Group update. October 2024.
The October edition of the Voluntary Sector News is here. Please get in touch with Sandie Smith or Debbie Drew if you would like to know more about any of our work. Please pass this on to colleagues who may be interested.
Join us this Governance Month as we focus on empowering effective non-profit management. Support Cambridgeshire is committed to providing practical insights and resources to help trustees and staff navigate the challenges and opportunities unique to the sector.
Throughout the month, we’ll offer a range of events and workshops covering essential topics like:
Trusteeship: Understanding your role, responsibilities, and best practices.
Policy Development: Creating clear guidelines and frameworks for your organisation.
Strategic Vision: Setting goals, planning for the future, and measuring success.
We’ll also be sharing information about outstanding events hosted by other organisations specialising in these areas. It’s a chance to connect with peers, learn from experts, and strengthen your non-profit’s governance.
Events and Links to Booking Forms
Working with Your Chair: How to Create a Positive Relationship
Date: Nov 13, 1:00 pm – 2:40 pm
Format: Online
Description: This online event will explore critical stages and dimensions of the CEO-Chair relationship, providing tools to help you navigate and strengthen this partnership.
Understanding Our Business Models to Build Sustainability with Impact
Date: Nov 21, 12:00 pm – 1:30 pm
Format: Online
Description: This workshop will explore how to align your organisation’s income-generating activities with its mission and build long-term sustainability.
Whether you’re a CEO, trustee, or senior leader – Governance Month offers something for everyone. Join us for these valuable sessions and discover how to strengthen your non-profit’s governance and enhance its impact.
The Cambridgeshire Poverty Strategy Commission is a new, independent initiative to explore how the local system serves those experiencing the consequences of poverty, and how improvements can be made to this system. Initially facilitated by Cambridgeshire County Council, the Commission will draw on the experiences of its commissioners, as well as evidence gathered from people with lived experience of poverty.
Resolve Poverty are facilitating the lived experience elements of this effort, by hosting workshops over the next month in communities across Cambridgeshire. They are looking to engage with a diverse range of people across Cambridgeshire, to listen to their experiences, priorities and ideas for influencing the anti-poverty policies and strategies that are likely to affect them and others. Participants will be compensated for their time, as well as the VCFSE sector organisations that refer them.
If you can help to recruit participants, or you are interested in sharing your own experiences, then please contact Dan Oliver on daniel@resolvepoverty.org.
https://supportcambridgeshire.org.uk/new/wp-content/uploads/2023/09/support-cambs.svg00Costanza Dragohttps://supportcambridgeshire.org.uk/new/wp-content/uploads/2023/09/support-cambs.svgCostanza Drago2024-10-10 14:57:522024-10-10 14:57:52Amplifying the voices of lived experience in Cambridgeshire
The Social Impact Investment Fund (SIIF) is a £2.375 million fund dedicated to supporting charities and social enterprises in the Cambridgeshire and Peterborough region. Funded by the Cambridgeshire and Peterborough Combined Authority (CPCA) and managed by Allia, this innovative programme provides capital grants and loans to social and third sector organisations.
The SIIF was created to bridge the gap between what social ventures need and what traditional finance offers. We understand that many impactful organisations struggle to access patient and flexible capital that prioritises their mission to deliver social value over financial returns.
The SIIF is here to change that. By offering grants and social loans, the SIIF provides tailored support that empowers social ventures to achieve both their social and financial objectives, while fostering community development and economic growth.
Social Impact: To support organisations that create significant positive social outcomes
Financial Sustainability: To create a model for sustainable future social investment, particularly for those who cannot access traditional financial solutions
Good Growth: To stimulate economic and social development in the Cambridgeshire and Peterborough area.
The SIIF offers three key funding instruments:
Grants: Non-repayable funds of £10,000 – £25,000; Best suited for charities or early-stage social enterprises with high social impact potential.
Social Loans: Affordable loans of £10,000 – £75,000; Best suited for growing social ventures who want to transition to more commercial forms of capital.
Revenue Participation Agreements (RPAs): An innovative funding model where capital of £10,000 – £75,000 is provided in exchange for a share of future revenues over a period; Best suited for revenue-generating organisations looking to grow without the pressure of traditional debt.
Grants are well-suited for non-profits or early-stage social ventures, while loans and RPAs are designed to drive growth and instil financial discipline in early to mid-stage companies, positioning them for larger, more traditional forms of capital, such as debt and equity.
To apply for any of the funding options under the Social Impact Investment Fund (SIIF), your organisation must meet the following eligibility criteria:
Location: Your organisation must be based in the Cambridgeshire and Peterborough Combined Authority (CPCA) region, including Peterborough, Fenland, Huntingdonshire, East Cambridgeshire, South Cambridgeshire, and Cambridge.
Social Impact Mission: Your organisation should have a clear social impact mission and a commitment to creating positive social outcomes in the local community, especially in line with CPCA’s aims to reduce inequality, create jobs, boost the economy, affordable housing, and build environmental resilience.
Capital Use: The grant and loan funding must be used for capital projects that contribute to growth, development, or expansion of the organisation, such as new product development, entering new markets, or increasing operational capacity to serve more customers and beneficiaries.
Financial Viability: Applicants must demonstrate financial stability and a realistic plan for sustainability.
Compliance: Organisations must comply with relevant legal, regulatory, and governance requirements, including subsidy control rules, as applicable.
Over forty individuals from voluntary organisations across the Fenland district attended the official launch of the Support Fenland project recently. The event which was held at the Queen Mary Centre in Wisbech was an opportunity for those from the voluntary sector to hear more about the project, meet the team and find out how they could be involved. During part of the event attendees were encouraged to discuss several topics including identifying the strengths of the Fenland area and how together with the help of the Support Fenland team, their organisations could find solutions to overcoming some of the challenges that also exist.
Support Fenland is a five-year project funded by the National Lottery Community Fund to help communities and charities across the whole of the Fenland District and is being delivered by the Support Cambridgeshire partnership (The Hunts Forum of Voluntary Organisations and Cambridge Centre of Voluntary Services also known as Hunts Forum and CCVS). Kathryn Shepherdson, Deputy CEO at Hunts Forum said “It is important that we hear first-hand the voice of those organisations based in the Fens for us to channel the support to those groups that need it. Their feedback is invaluable to us, and we look forward to working with communities and groups to ensure they flourish. Comments that we received following the event have been extremely positive, referring to the project a small group representative said, ‘If this had been about when I started up it would have been so useful.’ We want to ensure that no group or person with a good idea to help their community has to work in isolation and they are given access to support, guidance and advice when needed.
Support Fenland offers a range of free services including training, how to identify funding sources, making successful grant applications, structuring a non- profit group, writing polices and governance, providing networking opportunities, mentoring and much more.
Leading the project are Marija Lysak, Fenland Development Officer and Didem (Dee) Ucuncu, Fenland Communities Officer who both bring a wealth of experience from the private, charity and volunteer sectors. If you would like to know more about how Support Fenland can help you, please contact them on Fenland@supportcambridgeshire.org.uk
https://supportcambridgeshire.org.uk/new/wp-content/uploads/2024/08/Support-Fenland-Latest-news-image.png10801080Costanza Dragohttps://supportcambridgeshire.org.uk/new/wp-content/uploads/2023/09/support-cambs.svgCostanza Drago2024-10-02 09:05:472024-10-02 09:05:47Support Fenland Project Launches at Queen Mary Centre in Wisbech