Last week Andy Morrison spent an afternoon at the CAFA conference in Peterborough cathedral, He hosted an “experts table” discussing Cyber Security and Cyber Essentials certification.
In a poll from the attendees we worked out that 30% of UK Cathedrals had experienced a cyber attack that had lead to a loss of some kind. The most serious was a change in bank account leading to an employees salary being lost! This was very sobering.
All of the cases would need reporting to the ICO and Charities commission now adays.
All but one example could be traced to an employee who didn’t have enough knowledge or experience to spot the attack a, combined with sufficient technical controls to avoid the impact. For instance configuring dual electronic signature on the bank account would have forced a second person to review what was happening.
Adding AI based anti-spam filtering could have prevented the email request that initiated the whole sequence of events from being seen.
Providing regular user cyber awareness training as support engineers visit to perform a simple walk around would help prevent this.
Going further and promoting Cyber Essentials in the organisation, and working to certify will remove about 80% of risk from Cyber Attack.
Cyber Essentials is your friend. It gives a UK government backed framework to guide you through best practices. If you are concerned about Cyber Security but dont know where to start addressing all of the issues then look at Cyber Essentials.
If you are still struggling then book a call with one of our consultants to discuss how we can help with guidance, advice and even a annual agreement for us to work closely with you and make sure you gain the certificate.
