How can Cyber Advisors support charities?

Oct 29, 2024

Cyber Advisor is the National Cyber Security Centre’s (NCSC) scheme to help small and medium-sized organisations find reliable, cost-effective cyber security consultancy. Cyber Advisors are assessed on whether they can understand and communicate with small organisations to give proportionate and sensible cyber security support.

Cyber Advisors are instrumental in raising cyber security awareness within the charity sector, and many present at conferences and offer advisory work and awareness sessions, often going on to guide charities through the Cyber Essentials certification process. 

Many charities are working with fragile financial models, and the persistent economic pressures often make it necessary to prioritise critical operational expenses, such as staff salaries, over investing in cyber security measures. In this challenging landscape, Cyber Advisors are instrumental in shifting the focus of small to medium-sized charities from a reactive to a proactive stance on cyber security. The introduction of the UK government’s Funded Cyber Essentials Programme was a game-changer, providing these Advisors with the resources to guide and support small charities in making substantial progress in their cyber security efforts by achieving Cyber Essentials Plus certification. The 2022-23 programme was aimed at small, vulnerable organisations, and covered the cost of certification, as well as the fees for a Cyber Advisor to help them achieve Cyber Essentials Plus.

Cyber Essentials is an annually renewable certification scheme consisting of five controls that will reduce the impact of the most common cyber attacks.

Cyber Essentials Plus is based on the same five technical controls as Cyber Essentials, but also includes a technical audit of the IT systems to verify that the controls are in place. 

We asked some of our Cyber Advisors how they support charities.

Simon Whittaker from Vertical Structure says, “I encourage small charities to seek out the reputable advice and support that is available for free. A good place to start is the National Cyber Security Centre’s (NCSC) website which has numerous guides for small organisations and charities.”

Chani Simms from MetaDefenceLabs says, “As a Cyber Advisor, I offer consultancy to provide basic cyber security protection in an affordable, practical way for resource-limited charities. This includes:

  • Gap Analysis: Assessing current cybersecurity measures to understand gaps in meeting Cyber Essentials requirements. 

  • Scope Definition: Identifying what IT infrastructure is in-scope for Cyber Essentials, including BYOD and cloud services.

  • Technical Controls: Support setting up essential security measures like firewalls, secure configurations, malware protection, and user access control, including MFA.

  • Training: Advising leadership and educating staff on cybersecurity best practices, like secure passwords and phishing awareness.

  • Policy Development: Creating key security policies such as password and device use policies.

  • Self-Assessment Assistance: Helping charities accurately complete the Cyber Essentials self-assessment.

  • Vulnerability Management: Ensuring all devices and software are regularly updated, with critical security updates applied within 14 days.”

David Pitre from CSIQ says, “Cyber Advisors empower nonprofit organisations by providing them with the knowledge to safeguard their sensitive data and digital assets. Since many charities have limited funding and access to cyber security experts, many are unaware of their risks and often feel disadvantaged in light of the ever-increasing risk of a cyber attack.

As a Cyber Advisor, I work with nonprofit organisations to identify and mitigate their industry-specific cybersecurity risks. Our focus is on creating cost-effective plans that significantly reduce the threat of commodity attacks such as ransomware, malware, and phishing. These strategies provide a sense of security, knowing that your organisation is less vulnerable to cyber criminals’ common tactics.

We recently helped a small non-profit implement basic staff training and cyber hygiene procedures, substantially decreasing susceptibility to phishing attempts following a simulated phishing attack.

Charities can strengthen their defences against cyberattacks without high costs by engaging with a Cyber Advisor.”

Andrew Spencer from Evolve North says, “Cyber Advisors are evaluated in their skills of providing practical advice which is both easy to understand and appropriate for the size of the charity they are working with. The advice will often prioritise low or no-cost solutions which are simple to implement and manage, and effective for your charity’s specific needs.”

Rob Lancaster from StarSwift Information Security says, “According to the latest Cyber Security Breaches Survey published in April this year, around a third of UK-based charities reported some form of cyber security breach or attack in the last 12 months. NCSC assured Cyber Advisors can offer expert guidance on strengthening cyber security, implementing foundational security controls, and assisting with Cyber Essentials certification. Even with limited budgets, charities can take steps to improve their cyber hygiene and reduce the risk of a cyber security breach.”

Find a Cyber Advisor near you