Ukraine and the increased need for cyber security

The Russian invasion has brought hardship and suffering to millions of people in Ukraine. The repercussions of the war also reach far beyond Ukraine’s borders, and this has some serious cyber security implications for charities of all sizes.

The National Computer Security Centre (NCSC) has warned that organisations face heightened cyber security threats due to the war, so it is important that your charity considers what it should do in response to stay safe.

The NCSC is not currently aware of any specific cyber threats in relation to the invasion, but past crises such as the recent pandemic provide clues as to the kinds of threats that charities should be on their guard against.

Fake charity appeals

Criminals often take advantage of current events for their activities, so there is little doubt that they will attempt to use the catastrophe unfolding in Ukraine to make money. A likely approach will be to pose as a charity launching a fundraising appeal for Ukraine.

That means it is important to be vigilant for fake websites which use your charity’s name in order to trick people into making donations. It may be prudent to contact your donors to inform them of any fundraising initiatives you have for Ukraine, to warn them about the possibility of fake websites, and to tell them how they can make donations to your charity safely.

A more worrying threat is that scammers may try to access your donor database in order to contact your donors directly and ask for donations through a fake website or bank account. The most likely way for them to get access to your donor details is by sending phishing emails to your staff, so it is important to raise awareness of the increased threat from phishing emails.

Malicious attacks

It is also possible that certain foreign governments or activists loyal to those governments may wish to disrupt the activities of charities that have activities or fundraising campaigns directly related to providing assistance in Ukraine. Possible methods could include launching distributed denial of service (DDoS) attacks and infecting computer systems with ransomware or other malware.

Denial of service attacks involve attackers overwhelming an organisation’s servers by directing huge amounts of internet traffic to them. There are a number of ways to protect your charity against such attacks, but most of them are fairly technical. For that reason it might be sensible to ask your charity’s internet company or website hoster for advice on the best measures to take.

The best way to protect against ransomware and other malware is to ensure that your endpoint protection software is working and up to date. There are also specific anti-ransomware products that you could consider installing. Since it is not possible to eliminate the possibility of a ransomware attack, it also makes sense to reduce the impact of a ransomware infection by taking regular data backups.

General cyber security measures to consider

At a time of heightened cyber security threat, your charity should also take the following cyber security actions:

Check your software is up to date 

Many criminals exploit known vulnerabilities in popular software, taking advantage of the fact that some organisations are slow to install updates or security patches which fix these vulnerabilities.

So now is a good time to check that all of the software your charity uses is up to date. There are many patch management products available which can help you do this by taking an inventory of all the software on a computer – or a whole organisation – and notifying you if any are not up to date.

Cloud-based software, also known as software as a service or SaaS, is updated automatically by the software provider.

Check you endpoint protection is working properly

Since this software is a key line of defence against many types of malware it is vital that it is running on every computer in your charity, and that it is up to date. There are a number of ways that you can check that it is running properly including downloading an EICAR test file.

This is a harmless file which endpoint protection software should detect. If your software does not detect it then you may need to reinstall your endpoint protection software or investigate whether your computer is already infected with malware.

Check your backups

Backups are key to getting your charity up and running again in the event that it falls victim to a ransomware attack. Three things to check are that:

• Your backups are actually working. You can test this by trying to restore data from a backup
• You have a backup stored offline in case you need to restore your data quickly without having to rely on an internet connection
• You are backing up everything that you need. Your recovery plans can be rendered useless if you discover that you have forgotten to backup a certain vital data source

Ensure your access control is effective

This is a fancy way of saying that passwords are important. You should check that all charity staff members are using strong passwords and that they are not using the same password to access different accounts or services.

A strong password is one which is difficult to guess and ideally should be made up of a long sequence of random upper and lower case characters, special characters such as £ or !, and digits.

Since strong passwords are difficult or impossible for most people to remember it may be useful to encourage staff to use a password manager.