Line of Duty and charity cyber security

The fight against charity cyber crime

As internal infrastructure crumbled in Line of Duty, the OCG were able to carry out their criminal activities with more and more ease. Lockdown has had a similar effect on cyber security. Mix mass remote working with less focus on cyber security and an increase in cyber activity, and you’re left with a sector that has never been so vulnerable.

So, how do we protect ourselves from cyber threats? Unlike the show, not every charity has their own AC-12 and while it may not be possible to have the whole crew, each organisation can benefit from a Ted, Steve, Kate, or Chloe, among others.

The people at the top

CC Philip Osbourne, DCC Andrea Rise, and DCS Patricia Carmichael

Some of the most frustrating characters on Line of Duty were the officers in positions of power that didn’t put the time and effort into eradicating ‘bent coppers’.

They didn’t want to believe that there was a problem and viewed the search for bent coppers as a hindrance to general police work. This sentiment is shared throughout the charity sector when it comes to cyber security. Most leadership teams know about it and know the risks, yet they don’t carry the belief that they will ever be affected.

The East Midlands Police hierarchy were also worried about how acknowledging police corruption would affect trust. A brush under the carpet tactic that would backfire.

As every officer served a Reg-15 notice has the right to be questioned by an officer at least one rank above, you as a charity leader have the right to protect your stakeholders. Failure to protect your charity from cyber criminals can lead to a breakdown of trust with staff, donors, and services users. In addition, it can lead to the loss of data, earnings, and even criminal proceedings that can seriously damage your organisation.

A great way to start is by doing the NCSC cyber essentials certificate.

The unknowing accomplices

Lindsay Denton, Jo Davidson, John Corbet, Tony Gates, Danny Waldron, Roz Huntley, and Maneet Bindra

Conversely, a lot of fan favourites were the morally ambiguous police officers that unintentionally found themselves on the wrong side of the law. Through poor decisions, bad experiences, or in some cases no fault of their own they found themselves committing or being coerced into committing acts against their character.

It’s the amazing staff that work for charities that serve on the front line of charity cyber security. One in five charities were targeted by online criminals in the last year, with 80% of charity breaches occurring from phishing.

Fraudsters specifically target charities because staff and volunteers often receive less online security training than employees in for-profit organisations. Simple training on how to spot phishing attacks can greatly reduce the likelihood of your organisation being victimised.

But cyber training is not a case of one and done. The landscape is continuously changing and cyber-aware leadership teams should be running regular sessions and sharing resources to keep cyber security front of mind throughout your organisation.

The NCSC, Home Office and organisations like ourselves are always releasing new content and training to help charities keep up to speed.

A lot like Lindsay Denton’s pursuit of Danny Waldron’s list, as a member of staff in any role of a charity, you can be the cyber security flag bearer for your organisation. It can be hard to get leadership to take cyber security seriously, but as Danny showed, it just takes one person to start a revolution.

Charity employees can help bring managers, CEOs, and boards to the table by telling them what they need to know. Educate them on cyber threats and how they can get help setting up cyber strategies through the likes of the NCSC.

The Gaffer

Superintendant Ted Hastings

At the very least, every organisation should have a dedicated person or team responsible for leading the fight against cyber security. This could range from one person to an IT team, a Data Protection Officer, or a Chief Technology Officer.

Ted Hastings, The Gaffer, is the leader of AC-12 and is relentless in his pursuit of eradicating police corruption. Yes, he has issues, as we all do. But his commitment to the cause trickles down to his team. He provides them with training, support, and guidance which ultimately helps keep their goal front of mind, even when there’s lots of other moving parts.

Line of Duty tells us that organisational buy-in to cyber security needs strong leadership. Having a leadership team dedicated to keeping you, your charity, and your users secure means you’ll be “sucking diesel” when it comes to protecting yourself from cyber criminals.

Your charity’s online Armed Response Unit

It’s important to marry good leadership with the right tools. And it always helps to go into an operation with a solid and effective ARU.

DI Kate Fleming is your organisation’s threat intelligence software. In Line of Duty, the tenacious DI often works undercover and provides valuable information back to her team to help progress investigations and rumble the baddies. Like Kate’s importance to her team, having threat intelligence software can help monitor and even stop criminals before they start. The software monitors leaks of employee credentials such as passwords and emails online. It flags findings and allows you to make the necessary changes to stop the hackers before they have a chance to launch an attack. it is a sophisticated tool that matches the current sophistication of today’s cyber crime.

DI Steve Arnott has been the most dogged and durable of all the AC-12 officer since the very beginning. He has often been the unit’s first line of defence and leads the charge against most of the suspects. Love or hate his methods, every team needs a Steve, and every organisation needs Antivirus. Steve is to anti-corruption what antivirus is to charities, a firewall, anti-spam, smart scan, and more all rolled into one. Having all your employees and your devices fitted with anti-vrus software is the first line of protection against cyber criminals. A robust antivirus software can protect you from all types of Malware mentioned earlier – keeping out your Dots, your Hiltons, and even the most aggressive of OCG members. And it doesn’t have to cost as much as a full-time copper either, you can get our Avast subscriptions from £6 per user – “Cheers mate!”

DC Chloe Bishop and DC Georgia Trotman may have been supporting parts in the show, but they were integral to the investigations carried out by AC-12. They are overlooked but invaluable members of the fight against crime. In a charity’s cyber security setting these are your password managers, your VPN, your multi-factor authentications (MFAs), and your patch updates. Again, these aren’t particularly expensive tools, there are many free and low cost versions of password manager out there like Okta and Dashlane. Microsoft and Google both offer their own MFAs for emails and files. And most security software companies offer a patch management tool to support your antivirus. Like good AC-12 teammates, the more of these tools you can add to your arsenal, the better equipped you are to fend off potential criminals.