A data breach can have extremely damaging repercussions for a charity. Find out how to minimise the impact and keep your organisation secure in the event of a breach
Data breaches can be extremely troubling events for any organisation. But as organisations that rely on public trust and donations in order to continue operating, data breaches can have an especially grave impact on charities.
As the amount of data we interact with in our day to day life has grown in recent years, so too have the risks of a data breach.
When living and working online we often need to share our details with other organisations to access their services or buy goods and products from them.
A data breach occurs when information held by an organisation is stolen or accessed without authorisation. If any organisation you have shared your details with falls victim to a data breach, the information that you have shared with them may potentially fall into the hands of scammers and cyber criminals.
Criminals can then use this information when creating phishing messages (such as emails and texts) so that they appear legitimate. The message has been designed to make it sound like you’re being individually targeted, when in reality the criminals are sending out millions of these scam messages.
These techniques are known as ‘social engineering. Fraudsters exploit well-meaning staff members using knowledge about them that they have gathered from online sources. They use this information to convince them to reveal confidential information like passwords, to make a payment to the hacker, or simply to click on an attachment that contains malware such as ransomware.
Criminals may even send messages pretending to be from an organisation that has suffered a recent data breach.
Even if your details are not stolen in the data breach, the criminals will exploit high profile breaches (whilst they are still fresh in people’s minds) to try and trick people into clicking on scam messages.
If you’re a customer of an organisation that has suffered a data breach you should take the following actions.
The NCSC has published a range of resources to help keep you and your data safe.
For advice on creating strong passwords and staying safe online, visit www.cyberaware.gov.uk.
If you’ve received nuisance, suspicious or unwanted calls, please refer to this guidance from Ofcom.
If you would like to access this data breach information in infographic format you can do so here.
Get more information and guidance on data breaches from the NCSC