CT24 Conference Workshop Reflections: Cyber security is about the little things you can do that make a big difference.

The first in a series of post CT24: The Voice of the Passenger conference reflections, Wales Transport Strategy Lead, Michelle Clarke shares important cyber safety tips and insights from the Cyber Security workshop. 

 I’ve always been slightly worried at the amount of information I have on my laptop and the possibility of it being ‘hacked’, which made me consider how much more of a concern it must be for organisations which have to keep sensitive or confidential data.

 Community transport operators may hold information about individual passengers, their health conditions and addresses, staff and volunteer personnel records, and financial details related to contracts, tenders, grants and payroll. 

So the #CT24 session on Cyber Security was timely, informative, and reassuring as it outlined practical steps we can take to strengthen protections around the data we hold.

‘Technology is a huge enabler - we just need to use it in a safe way. If you understand how cyber-attackers think, you can successfully defend your organisation from those attacks,’ explained Detective Inspector Martin Wilson, from the North East Business Resilience Centre. 

Although cyber-attacks can feel personal DI Wilson explained that ‘it is the weakness that’s targeted, not necessarily the organisation. It’s like a burglar trying house doors to see if one is unlocked – it’s opportunistic.’ 

I learnt that there are usually three things scammers want us to do when they send phishing emails: to click on a link, open an attachment or divulge information, in order to access our login details, deliver malware or steal data. 

It was shocking to discover how quickly some passwords can be ‘cracked’. A simple tip is to use three completely random words to create a strong password. Adding numbers and symbols makes it even stronger.

So what else can we do to protect our organisations? Fortunately, quite a lot! Some ideas:

•    read the Small Charity Guide on how to improve cyber security, and share it with your staff and trustees. 

•    check the Charity Commission website for your area for guidance on cyber-crime. For example, the Charity Commission for England and Wales has a useful guide 

•    develop a cyber-security policy to think about and mitigate any potential risks – this could include your password policy as well as broader information security

•    consider the Cyber Essentials Scheme self-certification programme (cost depends on size of organisation)

•    explore using a Password Manager to generate passwords and provide a secure ‘vault’ to store them in – you can do an online search and ask other organisations what system they use (costs apply). Check if the Password Manager offers Multi Factor Authentication for extra security, where you enter the password followed by an automatically generated code

•    run through the short (15 minute) online cyber-security session for beginners.

Charities which have experienced cyber-crime often go on to revise their IT security, their staff training programmes or their website security. DI Wilson encouraged us to make these changes before an incident occurs. ‘We’d much rather prevent the crime, than detect the crime.’ 

For those unable to join us on the day, you can access the powerpoint presentations from this workshop, here.