What are the cyber security essentials for charities?

The National Crime Centre tells us that cyber crime continues to rise in scale and complexity, affecting businesses, charities and private individuals alike. It costs the UK billions of pounds, causes untold damage, and even threatens our national security. 

 

Charities are particularly vulnerable to cyber attack because they often lack resources to provide robust security, modern equipment, and staff training. On top of that, charities are reliant upon volunteers who may be using their own devices, personal emails and lack security awareness.  

 

Many charities handle frequent and varied financial transactions as well as sensitive data which is attractive to criminals and, if breached, can lead to regulatory issues and litigation. 

 

Criminals attack charities via the internet in the same way as they attack other organisations, seeking to steal information and money, deliver ransomware into their network or access their email account to impersonate them.   

 

Ransomware is a specific type of malware that encrypts the files on your computer so that you cannot use them. The files cannot be decrypted without a mathematical key known only by the attacker, thus holding your data to ransom. If you want to access your work again, you are likely to be asked to pay the attacker via an untraceable crypto-currency payment. 

 

Criminals will also try to access the organisations that supply services to the charity to gather information to launch a bigger, more targeted attack. Since the pandemic, more charities than ever have moved their services online and their volunteers to working remotely.  

 

This means that the ways to attack charities over the internet have multiplied; it is a crucial time to have some robust cyber security in place. 

 

 

How Cyber Essentials can help 

 

The Government’s Cyber Essentials scheme, delivered by the IASME Consortium on behalf of the National Cyber Security Centre (NCSC), can help charities implement five essential controls that can reduce the impact of common cyber-attack approaches by up to 80%.  

 

Many charities got started on their journey by working their way through the Cyber Essentials Readiness Tool. The Readiness Tool is a free, online tool accessible in the form of a set of interactive questions on the IASME website.  

 

The process of working through the questions will inform charities about their current level of cyber security and what aspects they need help addressing. Based on their answers, organisations will be directed towards easy-to-understand guidance and be presented with a tailored action plan and detailed guidance for your next steps towards certification.  

 

Based on data from charities who have been using the Readiness Tool, the signs are very encouraging. Seven in ten small charities have started working on all five Cyber Essentials controls and just need to tweak their processes to be ready to certify. More than four in five had changed all default passwords and 91.5% have at least one anti-malware protection in place.  

 

Nonetheless, some pain points have been identified where charities have been confused or found implementation difficult. To help charities prepare for certification, guidance has been created to shed some light on these specific areas.  

 

For example, further guidance on applying multifactor authentication to accounts, and creating policies for Bring Your Own Device and Remote Working can be found on the IASME Cyber Essentials Guidance for Charities web page.  

 

 

Charity Cyber Essentials Awareness Fortnight 

 

Charity Cyber Essentials Awareness fortnight takes place between 7 and 18 November 2022. Throughout the fortnight, IASME will be offering support and guidance as well as a discount to the price of certification to help charities achieve Cyber Essentials, in partnership with selected Certification Bodies around the UK and Crown Dependencies. 
 
During November, IASME will continue to work closely with the National Cyber Security Centre to educate charities about the cyber threat they face and inform them about the benefits of Cyber Essentials.  

 

You can find out more details about the charity fortnight and special offer here and access charity-specific Cyber Essentials guidance here. If charities are ready to become cyber certified, they can also find participating certification bodies here.