Devious tricks to defraud small charities through online attacks have been exposed in the first ever threat assessment for the sector, along with guidance about how to defend against possible risks. The work by the National Cyber Security Centre (NCSC), a part of GCHQ, will give the sector more help than ever before to defend itself from the most common cyber attacks. There are almost 200,000 charities registered in the UK and the NCSC’s Cyber Threat Assessment reveals how their valuable funds, supporter details and information on beneficiaries is being targeted. Alongside the assessment, the NCSC has also published the Small Charity Guide to outline easy and low-cost steps to protect from attacks. It includes expert advice that is particularly useful for small organisations on backing-up data, using strong passwords, protecting against malware, keeping devices safe and avoiding phishing attacks. Alison Whitney, Director for Engagement at the NCSC, said: “The National Cyber Security Centre is committed to supporting charities and we strongly encourage the sector to implement the advice outlined in our guide. “Cyber attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat. “That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets, and reputation.”
The report finds that cyber criminals motivated by financial gain are likely to pose the most serious threat, which could have a paralysing effect on a small charity’s ability to deliver their services. One example listed details how a UK charity lost £13,000 after its CEO’s emails were hacked to send a fraudulent message instructing their financial manager to release the funds. The assessment notes that the scale of cyber attacks against charities is unclear due to under-reporting and charities are being urged to report such crimes to Action Fraud and the Charity Commission. Charities have also been encouraged to join the NCSC’s free Cyber Information Sharing Platform (CiSP) to exchange threat information in a secure and confidential environment. The assessment and report have been well received by the sector, with heads of influential bodies praising the NCSC’s work. Helen Stephenson Chief Executive of the Charity Commission for England and Wales, said: “Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber crime for criminal purposes or personal gain is particularly damaging and shocking. “The threat assessment confirms what we often see in our casework – unfortunately charities are not immune to fraud and cyber crime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust. “We fully endorse the National Cyber Security Centre’s guide on cyber security for charities. This will be a valuable resource to help charities protect their work, beneficiaries, funds and reputations from harm and we encourage charities of all sizes to make use of it.” The UK Government’s behavioural change campaign for cyber security, Cyber Aware, promotes simple measures to stay more secure online. The Cyber Aware Perceptions Gap Report has also been published, demonstrating common misconceptions that are preventing people from protecting their online security. You can see the NCSC’s Cyber Threat Assessment here, the Small Charity Guide here and the Cyber Aware Perceptions Gap Report here.