How charities can keep safe from the threats of the Dark Web

Aside from Dark Web monitoring software, what can I do as a small charity with no budget to hire an IT or security expert?

Whether or not they can undertake Dark Web monitoring, as part of the NCSC (National Cyber Security Centre)’s Cyber Security: Small Charity Guide there are a number of steps that charities should be taking to prevent their data falling into the wrong hands:

• Have the basics like your firewall in place and keep up to date antivirus software on all the computers and laptops your staff use.
• Keep all your software and operating systems up to date with the latest versions, as once software vendors end security support for their products they are no longer secure.
• Make sure trustees, staff and volunteers only download apps from legitimate manufacturer-approved app stores onto their devices, as dodgy apps can be the cause of data-stealing malware. The same goes for not allowing just any old USB or physical memory card to be plugged into your organisation’s computers.
• Practice awareness when it comes to phishing, fraud and online scams. Make sure everyone in your organisation has their critical thinking switched on and knows never to click on anything or reply to anything they’re unsure of but to report it straight away.
• Have a thorough password strategy in place including enforcing strong, unique and hard-to-guess passwords for all accounts.

How can I help my charity’s users keep up with the level of password management required to keep us protected?

For an organisation with supporters and members logging into their website or submitting their information when they donate, this represents a lot of unknowns. Without your charity’s knowledge, supporters could be using the same insecure password that they use across other websites and accounts. The reality is that even if you have great security internally and are doing everything right, their data could be breached elsewhere, and your charity could be in the firing line for it.

For that reason, user awareness and education are very important. Getting people to change their passwords or making them overly complex is difficult and making things less convenient for donors or service users is the last thing a charity wants to do.

However, charities need to try to enforce some level of password security, ideally by having rules that stipulate a strong password. Two-factor authentication is also a tried and trusted way of adding an extra layer of security to logins, requiring users to log in via a code sent to their mobile device.

For internal users such as staff and volunteers, charities should impress the importance of using different passwords. Get a password saving app or user credential management platform such as Dashlane, Lastpass or Okta for your organisation. These apps are a fantastic security tool as they let you store all your various passwords inside a protected environment secured with just one unique password, so users only need to remember one.