The latest cyber security threats to charities

Malicious Word documents

Ransomware attacks have been a problem for several years now and the ICO data shows that these are still a very real problem for charities. Research from Symantec reveals that the file types most commonly used by cyber criminals to infect users’ computers with ransomware (and other malware) are .doc, .dot, and .exe files, which may be included as attachments in phishing emails, or as links which users click on to download them.

It’s worth noting that .exe files (denoting that they are executable files, or programs) are almost never sent in emails legitimately, so charity workers should be trained never to click on any file with a .exe file extension. Similarly, it is unusual ever to encounter a .dot file (a Microsoft Word template file), so these should also be treated with extreme caution.

But the biggest problem is .doc files. These are Microsoft Word documents and they are often attached to legitimate emails. That’s why it is essential to train staff to treat any .doc files they receive with extreme caution. Staff should only open them if they are expecting to receive them and they are sure of the sender.

Insider threat

The security incidents arising from unauthorised access to charity computer systems is interesting because people tend to imagine that these are the result of highly skilled cyber criminals hacking into charities’ systems by finding and exploiting software vulnerabilities.

But the disturbing truth is that charities are susceptible to ‘insider’ attacks, where their own staff are responsible for passing on account passwords or other data to criminals. Even more worrying is the fact that the opportunity for insiders to operate is much greater when staff are working and have access to charity data from home. Forrester Research expects insider data breaches to increase by almost 10% in 2021 compared to 2020, accounting for about a third of all cyber security incidents.

Cloud attacks on the rise

Another result of the pandemic is that many remote workers are using applications and storing data in the cloud from home, and cyber criminals have been quick to exploit this fact: cloud-based cyber attacks rose by more than 600% in early 2020 as cyber criminals looked to exploit this.

Cloud accounts are still being targeted, and charities that have not already should prioritise putting additional security measures in place, such as implementing two-factor authentication for cloud accounts, especially for cloud accounts accessed from home.

Another security measure that charities should consider is a system called Secure Access Service Edge, or SASE (pronounced “sassy”).  The concept of SASE was introduced by Gartner just before the pandemic struck. SASE is essentially a type of security-as-a-service offering, enabling remote workers (and office-bound workers) to connect to a SASE hub, where many different security measures such as next generation firewalling, sandboxing, data loss protection, cloud access security broker (CASB) functionality, and much more can be applied.

From there, charity staff are connected to their cloud services, keeping them more secure than if they had connected to the cloud service directly from home, with only their endpoint protection software to keep them secure.

We are likely to hear much more about SASE in the coming months, but in the short-term one of the best things that charities can do to prevent cyber security incidents is to ensure that all their staff and volunteers have received cyber security training and are aware of what to look out for. A good place to staff is the NCSC’s cyber security e-learning package which was published late 2020.