Ten tips for robust cyber security

Cyber security means protecting your computer systems and networks from theft or damage. A cyber attack can be devastating for your charity, causing a loss of data, stolen funds, and even fines and sanctions. But greater damage can be caused by the dent to your charity’s reputation and loss of trust.

 

Cyber breaches are common. The government’s Cyber Security Breaches Survey 2025 found that 30% of charities experienced a cybersecurity breach or attack in the previous 12 months – that’s 61,000 UK charities.

 

Here are ten ways to protect your organisation online.

 

 

Make sure passwords are strong

 

The National Cyber Security Commission (NCSC) recommends creating passwords using three random words and including special characters and numbers. You should avoid using three words that are linked (for example, ‘walkinpark’ or ‘onetwothree’) as well as words that are personal to you (such as the names of family members or pets).

 

The NCSC suggests using a different password for each of your accounts. It can be tricky to remember a lot of unique passwords, so they also recommend using a password manager to store them all securely in one place.

 

 

Use multi-factor authentication

 

Multi-factor authentication (MFA) uses two or more actions to enter a digital system, for example by entering a password and then a temporary code number. This extra layer of security helps to protect user accounts. The NCSC explains recommended types of MFA and we share tips on how to put MFA into place.

 

 

Defend against phishing

 

Phishing attacks are the most common type of breach, experienced by 86% of charities who experienced a breach or attack in the last year. They can be time-consuming to deal with and, with the rise of AI, are becoming increasingly sophisticated.

 

The best way to defend against phishing is to make sure your trustees, staff, and volunteers know how to spot a phishing email – and crucially, that they should never click on suspicious links or attachments.

 

For starters, try the NCSC’s free ‘Exercise in a Box’ on how to identify and report a phishing email. It only takes 15 minutes and is one of a series of micro exercises to help your charity get to grips with cyber security.    

 

 

Keep software up to date

 

Make sure your team knows how important it is to run the latest version of any software. Installing updates is referred to as ‘patching’ and is a crucial step to protecting your organisation from a cyber security breach. 

 

 

Use antivirus software

 

Antivirus software is often built into operating systems for all desktops and laptops. Make sure it’s enabled. Or take a look at the discounted options available through the Charity Digital Exchange that can help protect your charity against an attack.  

 

 

Check your firewall is turned on

 

Nearly every computer operating system has a software firewall. These act as a buffer between your network and external networks. Usually they’re turned on by default, but it’s still worth checking regularly to make sure they haven’t been disabled.

 

 

Back up your organisation’s data

 

Backing up means making a copy of your information and saving it to another device or to the cloud. The NCVO describes how to back up your data, and explains how automated backups save time and ensure you can access the latest version of files.

 

 

Keep devices physically secure

 

Cyber security includes keeping devices physically secure – for example, keeping a laptop with you at all times if working in a public place, or out of the view of a window at home or in the office. Also make sure you can track, lock or wipe devices if they are lost or stolen. Most devices include these tools for free, so check they are turned on. 

 

 

Invest in training

 

Cyber security training will help your staff and volunteers to understand what cyber security means and how they can keep your organisation safe online.

 

There are lots of courses available, and a good first step is the NCSC’s free online training course ‘cyber security for small organisations’. It explores five key areas of cyber security, as well as knowledge checks to help learners become confident about the practical steps they can take. We also outline free and paid-for cyber security training courses and resources.

 

 

Stay informed

 

Tech continues to develop rapidly, and with that comes new threats. That makes it important to keep up-to-date with the latest threats and how to protect your organisation. Read our article on cyber security threats to look out for in 2025 or, for more ideas on how to improve your charity’s cyber security, visit our Cyber Security Hub.