In the ICO’s latest analysis of data security incident trends, three key risk areas are identified for charities:
Phishing emails – where an email pretends to be from a trustworthy source, and includes link that lead to websites that will attempt to gather personal data or deliver malware.
Loss or theft of paperwork or data – where the loss was either from an insecure physical location or where the digital data was not encrypted
Data emailed to the wrong person – either using the wrong email address, or using To: or CC: where BCC: ought to be used (or not sent like this at all!)
Do you have a robust IT security policy, supported by training and clear rules for reporting incidents? Does it include rules for working from home, memory sticks, passwords, and sending personal data by email (or not)? This is just one area I cover in the data protection review so click here for more information on how I can help you stay safe from cyber incidents.