Insights
We look at anti-fraud resources that your charity can use, including the many tools on offer from the NCSC and some incredible training resources
Fraud is a huge problem in the charity sector. Charities increasingly find themselves the target of cyber criminals and fraudsters, many of whom aim to exploit economic vulnerability, and who take advantage of the culture of goodwill that defines our sector. Fraud is so widespread, in fact, that industry research suggest that it costs charities upwards of hundreds of millions of pounds each year.
The sector needs to take more action. According to research, less than half of charities have effective anti-fraud practices in place and less than 10% of all charities offer fraud awareness training. Charities need to take small and incremental steps. Even just an awareness of the main types of fraud, and understanding of what fraud looks like, can drastically improve your ability to detect and prevent fraud.
With that in mind, we want to explore some of the best resources available to charities. We will look at , among other things, guidance and resources from the National Cyber Security Centre (NCSC), as well as training and development options across the sector, and other tools offered from charitable organisations.
The most common form of fraud is phishing: when cyber criminals aim to convince people to click on unsafe links, so they can steal information, or install malware. As reported in the Cyber Threat Report: UK Charity Sector, phishing accounts for approximately 85% of charities who experienced a cyber breach.
The NCSC published extensive guidance on tackling phishing. It shows charities when to report phishing, what you should do after an attack, and how to make yourself a hard target. One of the most helpful resources aims to raise awareness, showing how to spot a scam email, text message or call.
Spoofing is another common form of fraud. That means people are sending emails pretending to come from your charity, typically with the aim of spreading malware, or conducting fraud. The NCSC has published guidance to prevent spoofing. They also offer the Mail Check tool, which provides anti-spoofing controls and, mitigate issues in email sending systems. Mail Check is a critical security measure, which not only protects charities from spoofing but improves the delivery of legitimate marketing emails.
Another brilliant tool to prevent fraud is the NCSC’s Exercise in a Box. This free online tool allows organisations to find out how resilient they are to a cyber attack and to practise their response in a secure environment, , highlighting vulnerabilities and areas for improvement through the provision of a detailed report, pointing you towards next steps and guidance.
Exercise in a Box offers a number of scenario-based exercises for you to choose from, including ransomware attacks delivered by phishing emails, insider threats, threatened leaks of sensitive data, and so on.
The most important element of fraud prevention is awareness. Phishing serves as a great example. An awareness of phishing attacks, an understanding of what they might look like and increases the chances of avoiding such attacks. Training and skills are essential if charities wish to mitigate against fraud.
Thankfully, on top of the many NCSC resources, there are plenty of training opportunities from across the charity sector. Consider the Fraud Advisory Panel, for example. The Fraud Advisory Panel offers guidance, consultations, research and thought leadership, webinars and videos, and so much more.
The Fraud Advisory Panel also offers charities important online training resources. That includes, among plenty of other resources, training to learn about some common risks around fraud, tips based on fundraising fraud, the basics of tackling financial crime and corruption, and so much more.
Another great resource is the Charity Commission. They regularly publish guidance that directly applies to charities, taking into consideration the latest fraud threats facing the sector and offering advice that addresses the threats. The Charity Commission also has some great tools for training and development that charities can use, including counter fraud templates for charity trustees, assessment tools for cyber awareness, and an aggregator of some of the most important resources for charities.
The Charity Finance Group (CFG) has a Hub dedicated to charity fraud. The Hub includes the latest news articles from around the sector, work the CFG has undertaken with other partners, and resources that include webinars, guides for small – and medium-sized charities, and so much more.
Get Safe Online has some specific anti-fraud guidelines for charities. It shows how you can train all members of staff, from trustees to volunteers, defining the responsibilities of each group.
The Association of Charitable Foundations has published a detailed report on detecting and deterring fraud in grant funding. The report aims to mitigate risk, boost due diligence, and build on principles of good practice, incorporating recent changes to regulation and legislation.
Last, but certainly not least, Prevent Charity Fraud has tons of brilliant resources for charities, all of which are easily accessible and geared towards training and raising awareness. The resources include helpsheets, on-demand webinars, e-learning, case studies, and templates, among other things.
There are plenty of other tools and resources available to charities. So take a look at the NCSC website for more information on how to enhance your charity’s resilience, or contact Charity Digital for more advice on how to prevent fraud impacting your charity.
For the sixth year in a row, we're bringing back an action-packed event filled with Digital Fundraising insights from the charity and tech sectors. Join us on 7th October 2024 for a free, one-day online event featuring informative webinars and interactive workshops.