Potential risks related to ICT include risks to security, health and safety and financial stability. Information and valuable equipment may be lost, damaged or stolen. Or unauthorised people may gain access to sensitive information. Charities above a certain size must carry out risk assessments and may need to take technical advice to address ICT-related issues. [...]

Anti-virus software works by comparing individual files with a list of known viruses. The list is usually updated at least every day by connecting to an online database which monitors the latest threats.

It is almost impossible to stop viruses attacking your computer so you must make sure you are able to deal with them.

An Acceptable Use Policy includes guidelines and procedures explaining how you expect staff, volunteers or clients to behave when using your computers. It may link to legal issues, health and safety, staff discipline or financial management.

Managers and trustees must take data security seriously and must take appropriate steps to avoid sensitive data falling into the wrong hands. This includes client information, staff and volunteer details, financial information or confidential reports.
Have a written policy about using and storing passwords and include it in your induction information.
Store data in as few places [...]

Data protection is about protecting people, not data. People can be harmed if their data is misused or falls into the wrong hands, or if inaccurate or insufficient data is used to make decisions that affect them.
Before collecting, storing or using data for the first time always check you are complying with the Data Protection [...]