Cyber security: time to raise awareness

Charities particularly vulnerable

The sad truth, though, is that charities are actually at particularly high risk of becoming victims of cyber crimes. One reason for this may be that they are seen as easy targets for cyber criminals. Hackers know that many charities are struggling to raise money and provide services, therefore cyber security is unlikely to be foremost in their minds.

Charities are also particularly vulnerable to cyber attacks and online financial scams because of the very nature of charities. There is a vital layer of trust that goes through the whole charitable sector and unfortunately while this makes charities so valuable and helps to inspire confidence in others, this trust also makes the sector uniquely vulnerable.

Another issue is the makeup of charity workforces. Many charities rely on large numbers of volunteers, but this can make it hard to ensure that everyone has had adequate cyber security training. A well-meaning, but not very tech-savvy volunteer is an attractive target for a cyber criminal’s phishing emails, for example.

Security needn’t cost the earth

So what can charities who feel that they have inadequate cyber security do to start to address the problem?

The first thing to think about is some simple maths: the cost of taking some simple but effective preventative measures now is less than the cost of taking these measures plus the cost of a cyber security breach after one has occurred.

The next thing to think about is that many important cyber security measures cost very little or even nothing at all. Others may involve purchases that are normally expensive but which are available at a heavily discounted rate from the Charity Digital Exchange.

People make charities secure

One more thing that’s important is to realise that security starts with people. That means training staff – including volunteers – to help them avoid making security mistakes such as clicking on malicious links in emails or falling victim to a phishing attack.

It’s also important to help all staff to recognise when something looks or feels not quite right, and to give them the confidence to report it to the appropriate person in your organisation. It also involves ensuring that all charity board members and trustees are aware of cyber security risks and why it is vital that they get given the attention they merit.

Cyber security quick wins

In terms of practical steps that small charities can take, a good first step is to take a look at the National Cyber Security Centre’s Cyber Security: Small Charity Guide. This offers some key actions that charities can take such as:

• Ensure all computers are running anti-virus software (also called endpoint protection software). Suitable anti-virus software such as Avast Business Antivirus and Bitdefender GravityZone Business Security is available at low cost or free from the Charity Digital Exchange
• Install software updates as soon as they are available. Most software updates include security fixes which can prevent known cyber security attacks. Ensuring that software is kept up to date costs nothing and makes life significantly harder for cyber criminals
• Use two factor authentication (2FA) if it is available. Again, switching on 2FA is a very effective security measure that usually costs nothing