Calling on All Professionals Using Linkedin - Apply Now!
Amar Singh
CEO, CISO, Cyber Crisis & Incident Response Practitioner, Speaker & Co-Founder Cyber Management Alliance. Without Passion - We are but Machines
The Hacktivist Attacks; Charity gets Fined!
Recently, a charity, the British Pregnancy Advisory Service (BPAS), was fined a significant amount of money by the UK's Information Commissioner's Office (ICO). A summary of what happened follows.
An opportunist with some basic technical knowledge and strong anti-abortion views tried his luck and succeeded: he found an unlocked door to an information treasure trove on the BPAS website. The advisory service was unaware that it had been retaining information collected from the public and storing it for several years. There was real danger to life and limb if this data leaked! Fortunately, the police got to the attacker in time and the data was not leaked.
Regardless, the UK ICO decided to penalise the charity and served it a £200,000 (over three hundred thousand US dollars) penalty notice. The primary reason: a serious contravention of the Seventh Data Protection Principle. Part of the ruling stated the following: “In particular, BPAS failed to take appropriate technical and organisational measures against the unauthorised processing of personal data stored on the BPAS website”.
The Custodians
Charities are custodians not only of personal information but of what I call super private and sensitive information. This may not be true of all of them, but in many instances charities support the vulnerable, the needy and those who are unable to fend for themselves. To offer this help, charities understandably need to collect and process information that a regular company selling a fizzy drink would not need.
Let’s take one example of a medical charity: a charity offering advice on, say, cancer would probably need to collect detailed personal medical information about the subject and possibly some details on the subject’s relatives so as to offer help, advice and guidance. All of this information has to be stored, processed, protected and importantly it has to be available to those who need it so that they may offer the necessary services to its members.
Until recently this data was (and probably still is) stored and managed locally, from paper through to local hard disks. Today that is no longer the case for many: the data is in the cloud.
Charities are seeking the benefits that cyberspace and technology have to offer: free or affordable, overhead-free, cloud-based services such as file sharing, storage solutions and cloud-based software services. But there is a problem. Embracing the Internet wholeheartedly exposes charities to the same risks and impacts as other, more commercially focused organisations.
No Distinctions Between a Charity and a Regular Firm
In a 2013 article titled "Public won't cut charities slack on data protection issues, warns ICO", published by https://www.civilsociety.co.uk/, the ICO makes it very clear that, for example, when it comes to complaints about misuse of call data, in its opinion “..the people pushing that button (reporting a possible misuse of their data) on our website are not drawing distinctions about who has contacted them – they just see this as nuisance marketing”.
The number one priority for charities, after survival, is cost-effective operations. Information security, data protection, IT optimisation and the like are all good to have; however, they are not often a priority for most. In fact, most charities probably don’t have complicated, structured IT organisations: multiple job titles are given to one individual to save costs and keep the focus on their primary objective of giving back to the community.
The Time is Now!
The Give01Day (also known as GiveADay) platform allows charities to tap into high-calibre professionals by matching skilled cyber volunteers, who donate one day of their time and skills, with charities and schools in need of assistance.
Up to 200 of these professionals, including CISOs, VPs and CTOs from different UK organisations, have already signed up and committed to giving a professional day to help charities in all aspects of IT, security, data privacy, legal and web marketing, amongst other skills. Charities including Great Ormond Street Hospital, Future First and Cancer Research have already signed up.
Power in Diversity – GiveADay volunteers come from various backgrounds such as legal, information security, data protection, IT security, penetration testing, auditing, secure development and IT management, allowing us to match the many and varied needs of charities with the most appropriate resources.
Trust, It's All About Trust
In the end, charities, or the third sector as they are often called, rely on the trust of their sponsors, donors and beneficiaries to function. A cyber breach that compromises personal and sensitive information could severely impact the delicate fabric of trust that all parties place in charities. A breach of this vital trust may in some cases eventually force a small to medium charity to shut down.
It is time for the skilled and experienced amongst us to step up and share our knowledge and support them.
Sponsors - Please Get in Touch
Give01Day is not possible without the support of our sponsors. We’re a not-for-profit, and companies who share our vision are essential to our ability to provide this service. Corporate sponsors fund our work, and besides backing a fantastic initiative, sponsorship also brings some great commercial benefits to our generous supporters. Join us to make a real difference. Email [email protected] for a sponsorship pack.
Our current sponsors include the Cyber Management Alliance, Twist & Shout, ITSecurityGuru.org, informationsecuritybuzz.com, Badenoch & Clark, Eskenzi PR, Event Creation Network and https://www.insecuremag.com.
Chief Marketing Officer | Product MVP Expert | Cyber Security Enthusiast | @ GITEX DUBAI in October
1 year ago: Amar, thanks for sharing!
Tech Enthusiast| Managing Partner MaMo TechnoLabs|Growth Hacker | Sarcasm Overloaded
1 year ago: Amar, thanks for sharing!
Cyber Security | Problem Solver | Secure by Design | Architecture
8 years ago: Excellent idea
Cyber, Cloud, AI & Regulations specialist | Approved Instructor/Trainer with AWS, IAPP, ISC2, ISACA, PECB, BCS, EC-Council, CompTIA, CertNexus, and Cloud Security Alliance | Ex Deloitte & Goldman Sachs
8 years ago: Count me also in +