Insights
INSIGHTS
All Topics
Cyber security: time to raise awareness
22 Apr 2021by Paul Rubens
Too many charities only take precautions after an attack. That needs to change – and fast
Most home owners don’t protect their property with burglar alarms until after they’ve been burgled. For the same reasons, the organisations with the best cyber security measures in place are often the ones that have fallen victim to hackers in the past.
The question, then, is why are charities and other organisations waiting until they get hacked – with all the costs associated with this – before they tighten up their cyber security? Why not do it before hackers strike?
A significant proportion of charities don’t protect themselves adequately because they don’t feel at risk – perhaps because they are small, perhaps because they are a charity. After all, who would steal from a charity?
But cyber criminals are simply after money. They don’t discriminate between money belonging to charities or other organisations, or between large charities or smaller ones. Indeed, they may well prefer to target smaller charities, as smaller organisations may have less effective cyber security measures in place.
Need for action
The majority of charities are aware that cyber crime is a major and growing risk. But there is a disconnect between awareness of the risk on the one hand, and knowing what steps they should take to minimise this risk on the other.
There may also be a feeling of helplessness at some organisations. After all, when leaders of small charities see stories on TV about major cyber security breaches at large corporations, there is inevitably a feeling of “if they can’t protect themselves from hackers, then how can we?”
COVID-19 has also made things considerably more difficult for certain charities. Many are fighting for survival, concentrating on regenerating fundraising activities, restarting services, and looking after the welfare of their staff.
Protecting charity assets and spending money on cyber security in this context may seem like a luxury that these charities feel they cannot afford right now.
Related Articles
Charities particularly vulnerable
The sad truth, though, is that charities are actually at particularly high risk of becoming victims of cyber crimes. One reason for this may be that they are seen as easy targets for cyber criminals. Hackers know that many charities are struggling to raise money and provide services, therefore cyber security is unlikely to be foremost in their minds.
Charities are also particularly vulnerable to cyber attacks and online financial scams because of the very nature of charities. There is a vital layer of trust that goes through the whole charitable sector and unfortunately while this makes charities so valuable and helps to inspire confidence in others, this trust also makes the sector uniquely vulnerable.
Another issue is the makeup of charity workforces. Many charities rely on large numbers of volunteers, but this can make it hard to ensure that everyone has had adequate cyber security training. A well-meaning, but not very tech-savvy volunteer is an attractive target for a cyber criminal’s phishing emails, for example.
Security needn’t cost the earth
So what can charities who feel that they have inadequate cyber security do to start to address the problem?
The first thing to think about is some simple maths: the cost of taking some simple but effective preventative measures now is less than the cost of taking these measures plus the cost of a cyber security breach after one has occurred.
The next thing to think about is that many important cyber security measures cost very little or even nothing at all. Others may involve purchases that are normally expensive but which are available at a heavily discounted rate from the Charity Digital Exchange.
People make charities secure
One more thing that’s important is to realise that security starts with people. That means training staff – including volunteers – to help them avoid making security mistakes such as clicking on malicious links in emails or falling victim to a phishing attack.
It’s also important to help all staff to recognise when something looks or feels not quite right, and to give them the confidence to report it to the appropriate person in your organisation. It also involves ensuring that all charity board members and trustees are aware of cyber security risks and why it is vital that they get given the attention they merit.
Cyber security quick wins
In terms of practical steps that small charities can take, a good first step is to take a look at the National Cyber Security Centre’s Cyber Security: Small Charity Guide. This offers some key actions that charities can take such as:
- Ensure all computers are running anti-virus software (also called endpoint protection software). Suitable anti-virus software such as Avast Business Antivirus and Bitdefender GravityZone Business Security is available at low cost or free from the Charity Digital Exchange
- Install software updates as soon as they are available. Most software updates include security fixes which can prevent known cyber security attacks. Ensuring that software is kept up to date costs nothing and makes life significantly harder for cyber criminals
- Use two factor authentication (2FA) if it is available. Again, switching on 2FA is a very effective security measure that usually costs nothing
More on this topic
Recommended Products
Featured Products
Our Events
Digital Fundraising Summit 2024
For the sixth year in a row, we're bringing back an action-packed event filled with Digital Fundraising insights from the charity and tech sectors. Join us on 7th October 2024 for a free, one-day online event featuring informative webinars and interactive workshops.
© 2022 Charity Digital Trust. All rights reserved
We use cookies so we can provide you with the best online experience. By continuing to browse this site you are agreeing to our use of cookies. Click on the banner to find out more.
