Co-operation is key to winning security battle

Martyn Croft, head of corporate systems, The Salvation Army UK

Next week, the Charity Finance Directors’ Group devotes part of its annual IT conference to information security. I will be addressing some of the specific information security challenges from a perspective of IT risk and reward.

The past 12 months have seen many news items reporting data loss, data leakage and the rise of e-crime. At home, our PCs are targeted by armies of botnets proliferating spam or siphoning off our details to facilitate raids on our bank accounts.

In protecting against these threats, my laptop now takes forever to start up with seemingly endless updates and scans before it is safe for me to use. That is the reward for mitigating risks.

In our business it is paramount that we protect our personal data and the data of those with whom we work. And for charities that includes not only those we serve, but also our supporters. For instance, a fundraisers database will be just as valuable as a stack of stolen payment card data, and a membership database should be carefully protected from hackers and slack procedures.

A fundamental question that needs to be asked is: who owns the data? Knowing that allows IT leaders to establish procedures for its handling and whether it is appropriate for data to be copied to storage devices or sent to personal email accounts.

Automatically identifying sensitive data at the point of exit from the organisation is becoming a necessity for compliance with standards such as PCI-DSS, but may lead to questions about common practices that place expedience before compliance.

There are the obvious risks to reputation that can accrue from phishing attacks on an organisation, and charity phishing employs a different psychology to the usual banking scams. But every pound scammed is also a pound diverted from the support of good causes. Collaboration would provide opportunities to minimise these risks.

Martyn Croft is head of corporate systems for The Salvation Army UK and will be speaking at the Charity Finance Directors’ Group 2009 IT conference on 19 March. Visit www.cfdg.org.uk