The Government Communications Headquarters, GCHQ, in the guise of the National Cyber Security Centre (NCSC), has just published a useful and thorough guide for small charities.
‘…charities are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity. Losing access to this technology, having funds stolen or suffering a data breach through a cyber attack can be devastating, both financially and reputationally’.
Source: Ciaran Martin, CEO of NCSC.
The booklet contains detailed reflection and advice on five key areas of data, ICT and operational practice – all of which can leave you exposed to hackers or the malevolent site visitor.
Calm and clear in its concise advice, the detail of the publication covers…
Backing up your data
Protecting your charity from malware
Keeping smartphones and tablets safe
Using passwords wisely
Avoiding ‘phishing’ attacks
‘…good practice will only be effective if everyone plays their part, seeking out and applying relevant advice to help improve their charity’s resilience to the growing threat of cyber crime. Taking even a few of the simple steps recommended in this guide will be a good start to better protecting your charity from harm.’
Source: Helen Stephenson, Chief Executive, The Charity Commission.
We think all charities and social businesses will find this a useful publication, regardless of size.
Calm advice in a frenzied technological landscape is always welcome.
Thinking about good practice at Enterprising Communities
“The purpose of this guidance is to help trustees comply with their legal trustee duties when overseeing their charity’s fundraising. It sets out 6 principles to help them achieve this.
It focuses primarily on matters within the Commission’s regulatory remit. It is not a guide to the wide range of laws and regulations that apply to specific types and aspects of fundraising, but it provides links to sources of information about these rules”.
Source: Fundraising for Trustees CC20 The Charity Commission.
We detail the key principles of Trustee responsibility here…
This is about you and your co-trustees agreeing or setting, and then monitoring, your charity’s overall approach to fundraising. Your fundraising plan should also take account of risks, your charity’s values and its relationship with donors and the wider public, as well as its income needs and expectations.
2. Supervising your fundraisers
This is about you and your co-trustees having systems in place to oversee the fundraising which others carry out for your charity, so that you can be satisfied that it is, and remains, in your charity’s best interests. It means delegating responsibly so that your charity’s in-house and volunteer fundraisers, and any connected companies, know what is expected of them. If you employ a commercial partner to raise funds for your charity, the arrangement must be in the charity’s best interests and comply with any specific legal rules and standards that apply.
3. Protecting your charity’s reputation, money and other assets
This means ensuring that there is strong management of your charity’s assets and resources so that you can meet your legal trustee duty to act in your charity’s best interests and protect it from undue risk. It includes ensuring that there is adequate consideration of the impact of your charity’s fundraising on its donors, supporters and the public, making sure that your charity receives all the money to which it is entitled, and taking steps to reduce risk of loss or fraud.
4. Identifying and ensuring compliance with the laws or regulations that apply specifically to your charity’s fundraising
The legal rules that apply to various types of fundraising can be detailed and complex. They cover compliance in important areas such as with data protection law, licensing, and working with commercial partners. There are new rules in the Charities (Protection and Social Investment) Act 2016 which affect some charities that fundraise. You should make sure that your charity has access to sufficient information and appropriate advice to ensure that its fundraising complies with all relevant legal rules.
5. Identifying and following any recognised standards that apply to your charity’s fundraising
These are in the Fundraising Regulator’s Code of Fundraising Practice. The Code outlines both the legal rules that apply to fundraising and the standards designed to ensure that fundraising is open, honest and respectful. The Commission expects all charities that fundraise to fully comply with the Code.
6. Being open and accountable
This includes complying with any relevant statutory accounting and reporting requirements on fundraising and using reporting to demonstrate that your charity is well run and effective. In your fundraising communications it is about being able to effectively explain your fundraising work to members of the public and your charity’s donors and supporters.
The Commission has also published an accompanying checklist for trustees on fundraising.
The Charity Commission have just published a new paper outlining a series of useful questions on policy, strategy, effectiveness and outcome linked to the digital engagement of trustees, staff, volunteers, service users and customers.
The twelve key questions are designed to help trustees map a digital strategy for their organisation, to measure its effectiveness and to ensure that digital process and delivery help staff, volunteers and end users of a charitable service to get the best from their experience.
The twelve headline questions from the Commission are offered below…
How are we adapting our governance processes to reflect decision making in the digital age?
Are new trustees being briefed?
Have we got the right team in place to help us capitalise on the opportunities and manage the risks in digital?
How does digital fit into our organisational strategy?
How can the board influence the charity to create a culture in which digital can flourish?
As more people seek help and information online, how could our charity support them?
Is our charity using digital to build its brand?
Is our charity equipped to manage reputational risk online?
How will our charity use digital to fundraise, and how will this be aligned to our ethics and values?
Are our IT systems and data secure?
Do we understand what success looks like on digital?
What are the resource implications of digital?
You can explore the detail, and the important subsidiary questions to be asked at board meetings, or policy setting engagements for your organisation, here: