We give simple and easy-to-follow advice to small, medium, and large charities to help prevent cyber security breaches
It’s a simple fact that hackers target organisations of all shapes and sizes, and charities are becoming increasingly aware of the risk of a cyber security breach.
So we have listed some easy steps that you can take to prevent your charity from becoming a victim of cyber crime. You can find more advice, tools, training, and guidance at the Charity Digital Cyber Security Hub.
Phishing emails are malicious emails containing links to fake websites, malware downloads or malware attachments. They account for around 80% of all reported cyber security breaches.
The best way to counter phishing is through education, and charities of all sizes should provide training to both staff and volunteers to help them spot phishing emails. In particular, training should teach them to recognise malicious links and attachments and to refrain from clicking on them.
Larger charities can provide continuous phishing awareness training to all their staff using a product like Cofense PhishMe. It is also possible to reduce the number of phishing emails that staff receive by using an email security gateway, which filters out malicious emails and malware before they are delivered to inboxes.
Endpoint security software also provides other security features, such as blocking malicious websites, to help prevent users from visiting sites that are known to contain malicious links.
Medium and larger charities can also use a security gateway appliance (sometimes known as a unified threat management or UTM device) that filters all internet traffic arriving at a charity for malware and other threats. A security gateway appliance also includes the functions of an email security gateway (see above).
Ensure that your Wi-Fi networks are secured using encryption and can only be accessed with a password that is difficult to guess.
Since the Wi-Fi password and other security features can be disabled by anyone who has access to your charity’s main internet router, it is also important to change the router’s administrator password from the default.
Almost all computer operating systems such as Windows 10 and MacOS include a software firewall to help keep hackers out.
A firewall works like a nightclub bouncer, checking all internet traffic before it is allowed into the computer and denying access to anything it does not recognise or like the look of.
Usually the firewall is turned on by default, but it can be disabled by malicious software or accidentally by the user. So it is important to check the firewall regularly and turn it back on if it has been disabled.
Larger charities can use a security router, such as Cisco’s C881-K9 integrated services router, to place a firewall at the point where the charity’s network connects to the internet, along with security features such as an intrusion prevention system and VPN connection capabilities.
Passwords play a key role in keeping your charity secure by letting staff access information, accounts, and services running in the cloud, while denying hackers access. But passwords are only effective if they are strong – meaning long and difficult to guess.
In practice that means that passwords should be at least 13 characters long and made up of upper and lower case characters and special characters such as ! or &.
Since strong passwords are difficult to remember, and because staff should use a different password for each account, the only practical way for staff to use strong passwords is to use a password manager program, such as LastPass, Dashlane, or 1Password.
Some endpoint security software, such as Norton Small Business, also includes password management.
A password manager stores all of a staff member’s passwords in encrypted form and enters them automatically whenever they are needed. A password manager only works after it is unlocked by entering a master password – the only password that a password manager user has to remember.
Two-factor authentication (2FA) can keep your confidential information and accounts secure even if a hacker guesses or gets hold of the account password.
That’s because in order to log in to an account protected by 2FA it is also necessary to provide something else in addition to the password – often a code sent by text message to your phone, a fingerprint or other biometric, or a code produced by an authenticator app such as Google Authenticator or Authy.
2FA can be activated for many cloud accounts by simply selecting an option in the settings and providing a mobile phone number.
60% of breaches involve hackers exploiting known vulnerabilities in older versions of software. These breaches could have been avoided if the software had been updated to the latest versions which removed the vulnerabilities.
To ensure you are running the most up-to-date versions of your software, select any option to check for updates at start-up and configure Windows to install updates automatically.
Free software updater programs include Patch My PC Updater and IObit Software Updater. Many endpoint security programs, including those from vendors such as Avast and Avira, also include software updating modules.
The best way to check that your charity’s cyber security measures are effective is to test them. You can use a variety of free tools to carry out these tests.
The most effective way for larger charities to test their security measures is to employ professional penetration testers to carry out a thorough test of their cyber security.