Many charities, particularly smaller ones, do not realise the value of the personal, financial, commercial and other data they hold, according to a report by the National Cyber Security Centre (NCSC).
Charities typically do not perceive themselves as targets, but cyber criminals have realised that they hold lots of data which can make them vulnerable to attack. In light of the new EU data protection laws the NCSC has issued new cyber security guidance to small charities encouraging them to try and improve their cyber security.
According to the NCSC threat assessment, the culture of openness makes small charities more vulnerable to cyber fraud and extortion, with many falling victim to a range of attacks with potentially devastating consequences.
There are almost 200,000 charities registered in the UK, and the threat assessment reveals how cyber criminals are targeting their funds, supporter details and information on beneficiaries.
The guidance for small charities outlines easy and low-cost steps to protect from attacks, including advice on backing up data, using strong passwords, protecting against malware, keeping devices safe and avoiding phishing attacks.
The report reassures people that investment in cyber security may not be as expensive or time consuming as they think and prove cheaper than repairing the damage after a cyber-attack.
“Cyber-attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat” Alison Whitney, director for engagement at the NCSC.
One example details how a UK charity lost £13,000 after its CEO’s email account was hijacked to send a fraudulent message instructing their financial manager to release the funds, which is commonly known as business email compromise, CEO fraud, or whaling.
You can also report by calling 0300 123 2040 Monday to Friday 8am - 8pm
Helen Stephenson, chief executive of the Charity Commission for England and Wales, said charities play a vital role in our society and so the diversion of charitable funds or assets through cybercrime is particularly damaging and shocking.
“Unfortunately, charities are not immune to fraud and cybercrime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust”.
Stuart Etherington, CEO of the National Council of Voluntary Organisations (NCVO) said awareness and knowledge about cyber security continues to differ among charities, but it is important that all charities protect the data they hold from cybercrime.
The UK government has also indicated that it is fully committed to defending against cyber threats and address the cyber skills gap to develop and grow talent. Its behavioural change campaign for cyber security, Cyber Aware, promotes simple measures to stay more secure online.
The article includes advice to help charities protect themselves from the most common cyber-attack, the top five topics are:
To read the full article click here ‘Cyber security – a small charity guide’
If you would like help to improve your cyber security, don’t hesitate to get in touch. Call 01482 210999 or email [email protected]