On the governance today and in the future
How have changes in technology impacted the sector in the last 10 years?
Technology changes have meant that the whole way organisations conduct business has moved online. Ten years ago, payment by cheque was still the most common way of paying staff and suppliers in the culture sector, with a paper trail being generated. We are now experiencing a time where online payments are the norm and staff need to be prepared for the potential issues which will hit them, including invoice redirection fraud, ransomware and phishing attacks.
Every part of the organisation needs to be aware of how to identify and combat fraud. That means that staff will likely need to be trained – at every level – to identify and avoid suspect messages. Further training will be needed for financial staff members to understand the specific risks they can face.
The world of cyber crime means that a charity in the cultural sector is just as, if not more, likely to be hit by ransomware as a major bank. Bad actors do not discriminate, unfortunately.
How do you see the governance of culture evolving over the next few years?
In general we have seen an evolution over the past ten years of cyber crime going from the ‘hobbyist’ to the ‘organised criminal’ – these bad actors are hacking and phishing as their full time job. That means that cyber protection against these attacks is rising up the agenda for businesses in every sector. Over the next few years we expect these trends to continue in an upwards trajectory.
At the same time, the rise of data protection legislation has made it very clear that every organisation needs to store and use personal data in a responsible manner – and this trend will also continue.
Rather than scaremongering, the message we want to send to small- to medium-sized enterprises in the charitable sectors is this: there are simple and basic ways you can protect
your organisation online. With a bit of guidance, organisations can make use of a lot of free tools that are available, to gain better governance.
What can we learn from other sectors - in the UK and internationally - about good governance?
Other sectors – such as financial services – have naturally been forced to think about cyber protection more acutely, and we can draw lessons from their experiences. There is always a balance to be struck between reasonably investing in cyber protection, while meeting budgets.