Neighbourhood Watch Scotland certifies to Cyber Essentials

Oct 26, 2022 | Case Study, Cyber Essentials

Neighbourhood Watch Scotland is a community led charitable initiative which brings local people together to address crime and other community safety issues. Neighbourhood Watch groups often liaise with the local police, the local authority and other agencies linking them through an online alerting platform. Behind it lies a very simple idea; working together to make communities safer.

The Association of Scottish Neighbourhood Watches was established in May 2006 as the first independent body in Scotland with a national perspective on Neighbourhood Watch. Two years later, the Association received funding from the Scottish Government allowing it to employ its first member of staff and to start to work with Police Forces and other agencies to establish a single database of Neighbourhood Watches in Scotland. In December 2011, The Association of Scottish Neighbourhood Watches became a Scottish Charitable Incorporated Organisation (SCIO), known as Neighbourhood Watch Scotland.

There are currently over 1,700 registered schemes in Scotland, covering over 190,000 households and this number is growing steadily as new Watches are established. The charity encourages the setting up of local Neighbourhood Watch initiatives, each with a lead Co-ordinator, and supports them to share community safety messages and Alerts via an online Neighbourhood Alert platform. Community safety and security advice is also offered on the website.

Business Support Officer, Varrie McDevitt tells us about some of the security challenges a small charity faces. “We are a micro business with only 3 staff operating with hybrid working arrangements. Our in house technical skills are very basic, yet we have an Office 365 environment using external hosted website and manage an externally national Alert platform. This means we are very reliant on the security of our services being provided by those that provide our core IT services.”

She goes on to explain the importance of assurance for their charity, “As an organisation that is all about community safety and security, and which has a long association with policing, it is important to us that we can demonstrate that we take security seriously ourselves which included the security and safety of our technology and the data entrusted to us to handle.”

The Scottish Government encourages organisations to take cyber security seriously and has actively supported Neighbourhood Watch Scotland to understand the growing cyber risks and to consider the Cyber Essentials scheme certification as a baseline standard to defend against the most common internet borne attacks. Funding was made available for the third sector to achieve Cyber Essentials certification, which they took advantage of.

Varrie continues, “Having achieved Cyber Essentials, it made sense that we should consider progressing towards *Cyber Essentials Plus. We did this without any additional funding support as we felt it provided the added external validation that we were meeting the critical technical controls, adding confidence to ourselves, our Board and our community of users. We are delighted not only that we have the necessary controls in place to defend against the most common cyber-attacks, but that independent validation provides a greater degree of confidence to us and our Board.”

*Cyber Essentials Plus includes a technical audit of the systems that are in scope to verify that the Cyber Essentials controls are correctly implemented.

As for the experience and the process of getting certified, Varrie is honest, “For us, it was a simple process as we pretty much left it to Jake our IT provider at Black Frog IT in Stirling to work through.” She admits that the main changes that were needed involved discussions with staff to explain how the controls fitted in with policies and procedures.

Whilst Neighbourhood Watch Scotland now know that they have the basics covered, they remain aware of the fact that this does not make them impregnable and remain alert to developing risks. Varrie explains, “As an alerting organisation involved in community safety, we link closely with the CyberScotland Partnership ( www.cyberscotland.com). We continue to keep ourselves and our communities informed about the developing cyber risks and have ready access to the wide range of cyber related services that the partnership hosts.”

When asked, Varrie considers what advice they would give to other charities and says, “It is clear that cyber attacks are evolving and can disrupt and devastate any size of business and that’s what we are up against. Smaller businesses often rely on the expertise of their IT Managed Providers. Achieving Cyber Essentials Plus is not an onerous task for small businesses with non-technical people and Cyber Essentials Plus provides that independent assurance that we are indeed getting the cyber basics right”.