The latest figures show that charities are reporting fewer incidents, but too many are still not taking care when handling sensitive data.
Charities reported more than 100 data breaches to the Information Commissioner’s Office (ICO) during the second quarter of the year, according to the latest figures. The regulator has published statistics on breaches for the second quarter of 2019/20. These show that charities reported 108 incidents, down from 137 in the same period the previous year.
Loss or theft of paperwork in an insecure location was among the most common causes, listed in 23 cases. Other causes included loss or theft of a device containing personal data, listed in four cases, while data emailed to the wrong recipient was cited in seven reports. In a further seven cases, a failure to use the blind carbon copy (Bcc) feature when sending emails was listed as a factor in the breach. Phishing attacks, involving email scamming by criminals, were cited in eight reports. In total, 2,984 breaches were reported to the regulator during this period.
The sectors most affected were health, with 591 breaches; general business, with 492; and education and childcare, with 298. In September last year, the ICO called for better data protection training for staff following a review of eight charities that uncovered concerns around data monitoring, reporting and training.
Last week, Charity Digital published its 2020 Cyber Security checklist to protect charities against cyber security threats. This included preparing for new cyber threats arising from the rise in 5G, as well as keeping anti-virus software up to date. Ransomware is a continued threat, and extra care needs to be taken with mobile security. According to the government’s latest Cyber Security Breaches Survey, around a quarter of charities report at least one attack a year, with the sector seen as an easy target for criminals.