Cyber security for charities

Charities are especially vulnerable to ransomware attacks, social engineering hacks and banking fraud. Here’s what you can do to protect your organisation.

In a sector that’s hugely dependent on public trust, and often involved in collecting sensitive information, proper cyber security is essential.

But a lot of charities – especially smaller ones – don’t realise its importance.

In a cyber threat assessment published in 2018, the National Cyber Security Centre (NCSC) said it was likely that cybercriminals posed “the most serious threat to the charity sector”.

Not only are you open to the loss of money or data if you don’t have the right cyber security measures in place, but you also risk having to put your operations on hold if an attack means you can no longer work as normal.

We think it’s essential that charities get up to speed with digital technology and its efficiencies, and that they take the right steps to protect themselves while using those systems.

What kind of cyber threats do charities face?

The funds and data that charities hold make them especially vulnerable to various types of cyber attacks.

Ransomware, for example, is a type of malware that captures the victim’s data and threatens to release it, or permanently block access to it, unless the attacker’s demands are met.

You may also be targeted by a social engineering campaign. This kind of attack works by manipulating people into taking a certain action or giving away confidential information, often by getting them to click on a link.

This is often done using fraudulent emails, also known as phishing, but it could also be done through a fake website.

More indirectly, criminals have exploited the charity sector by setting up websites for fake organisations, especially in response to global events and disasters, and asking for donations.

Guarding against phishing attacks

You might already have some idea of what a fraudulent email looks like. Most of us have come across poorly written emails with blurry images, promising large financial rewards in some cases, and threatening legal action or fines in others.

While it’s good to be conscious of those giveaways, phishing emails are not always obvious and full of typos. They’re getting more sophisticated, and more convincing, as cyber criminals adjust their methods.

That’s why it’s important to put systems in place not only to avoid phishing attacks, but to minimise any impact a successful one has.

This includes configuring your IT systems so that a high level of access to data is only given to the people who really need it. By restricting the access that staff and volunteers have, you lower the risk that they could inadvertently give criminals access to your data.

Look at building security into your usual practices, too. Do staff know what to do if they get an unusual request by email, for example? And do they have a way of verifying the identity of important people in your organisation, such as trustees?

Cloud storage for backups

Backing up your data is an essential step to minimise the risk posed by cyber crime. By storing information securely and separately from your own computer, you’ll be better protected against attacks.

You’ll also be better positioned to keep working as normal in the event of physical damage, fires, floods or theft.

One option is to use a cloud storage provider to back up your data. This has the benefit of being generally more affordable than using your own hardware for storage, as well as offering a high level of security and the provider’s own expertise.

Be sure to choose your provider wisely, checking that they have reliable security systems in place and that they offer the right amount of storage to suit your needs.

Once you have a system in place, remember to back up regularly.

You can find more cyber security tips in the NCSC’s small charity guide, or ask us if you have any questions about digital transformation in your business.