Social security: charities versus banks

IT | Brian Shorten | 22 Nov 2010

Brian Shorten compares the information security needs of the charity and banking sectors.

Many people think that charities would have little need for security. After all, the perception is that they have little to protect. The phrase “we’re only a charity you know, not a bank” is one I’ve heard many times. In practical terms that may be true, because charities don’t have the physical assets that banks have such as stocks, shares, cash and bullion.

However, charities have supporter information and credit and debit card information on purchases and donations. They also have one other asset that financial organisations do not have – a good reputation with the public at large and supporters.

Consider the difference in the public attitude towards banks and charities. The old idea of the banking sector as the height of conservative stability has gone for most people, and yet the banks continue to thrive and grow; it seems we cannot exist without them. I’m sure this wouldn’t be the case with the charity sector, as an impact on a charity’s reputation could have a long-term detrimental effect on its income.

So, charities have much to protect; how do they do it? The principles are basically the same – list the assets to be protected, assess the risks to the assets, decide the processes needed to mitigate the risks, introduce a process to review the complete process – and repeat.

Those assets will include supporter information, credit and debit card information on purchases and donations as previously stated, plus personal information on the staff, financial information and maybe intellectual property information.

Internal resources

One other difference compared to the banks is the internal resources that a charity can call on; they have firewalls, web monitoring, intrusion detection/protection, but may not have the budget for the latest versions or updates. They have technical staff who can use the firewalls etc, but keeping up-todate with the latest technologies requires training and that tends to be expensive.

In many cases the suppliers will help with cheap or cheaper upgrades to the technical processes, and cheap training for technical staff. They may also help with technical training.

There are other methods to cut costs; charities are very good at sharing experience and advice; plus many organisations will make arrangements with several charities who have the same equipment to share upgrade and training costs.

Brian Shorten is BCP, risk and security manager at Cancer Research UK and chair of the Charities Security Forum

Directory: Cancer Research UK (CRUK)
Who's Who: Brian Shorten

Comments

[Cancel] | Reply to:

Name *

Email *

Organisation

Job Title

Comments *

Verification *

* Please read our Community Standards

Close »

Community Standards

The civilsociety.co.uk community and comments board is intended as a platform for informed and civilised debate.

We hope to encourage a broad range of views, however, there are standards that we expect commentators to uphold. We reserve the right to delete or amend any comments that do not adhere to these standards.

We welcome:

Robust but respectful debate
Strongly held opinions
Intelligent relevant discussion
The sharing of relevant experiences
New participants

We will not publish:

Rude, threatening, offensive, obscene or abusive language, or links to such material
Links to commercial organisations or spam postings. The comments board is not an advertising platform
The posting of contact details for yourself or others
Comments intended for malicious purpose or mindless abuse
Comments purporting to be from another person or organisation under false pretences
Gratuitous criticism, commentary or self-promotion
Any material which breaches copyright or privacy laws, or could be considered libellous
The use of the comments board for the pursuit or extension of personal disputes

Be aware:

Views expressed on the comments board are left at users’ discretion and are in no way views held or supported by Civil Society Media
Comments left by others may not be accurate, do not rely on them as fact
You may be misunderstood - sarcasm and humour can easily be taken out of context, try to be clear

Please:

Enjoy the opportunity to express your opinion and respect the right of others to express theirs
Confine your remarks to issues rather than personalities

Together we can keep our community a polite, respectful and intelligent platform for discussion.