Cyber security breaches are a major risk for charities of all sizes - but small charities may be disproportionately-affected. What cyber security tools can they adopt?
Small charities make tempting and potentially easy targets for digital fraudsters, extortionists and other cyber criminals, and that’s because they often lack the resources that larger charities and businesses can devote to cyber security.
The good news for small charities is that there are a large number of cyber security tools that can reduce the risk of a successful cyber attack considerably, and many of these are available free or for a very small cost. Despite this, 44% of all charities don’t protect themselves with the right cyber security tools, as they don’t believe they are at risk.
Understanding the risks is vital for small charities, and many of these are outlined in the National Cyber Security Centre’s ’Cyber Security: Small Charity Guide.’ The most significant security threats are outlined below, along with the cyber security tools which can be used to provide security against these threats:
Ransomware
Ransomware is a type of malware which encrypts the digital data stored on a computer so that it can no longer be used, and then demands a ransom to restore the data to a usable form. A ransomware attack can be devastating to a charity, potentially putting a stop to its fundraising and other activities.
Tools to fight ransomware:
Software which is not up to date
When cyber-criminals find digital flaws in an operating system such as Windows, or in specific applications such as Word or Photoshop, they can often use these flaws to launch cyber-attacks on organisations such as small charities which may be using this software - until the flaws are fixed in a software update. That’s why it is vitally important that small charities keep their software up to date by installing updates as soon as they are available. It’s also good security practice to set the operating system and other software to update automatically or "check for updates when starting" whenever possible.
Tools to keep software up to date:
Poor password security
Many cyber attacks succeed because organisations use short or easily guessable passwords to protect their systems. Secure passwords are ones which are made up of a random mix of at least 12 upper and lower case letters and symbols such as ! and &.
The problem for computer users is that secure passwords are hard to remember, so the temptation is to use something simple like "monkey123" or "pa33word".
Tools to improve password security:
Lost mobile devices
Smartphones and other mobile devices present a significant security risk for small charities if they get lost or stolen because they frequently contain valuable information, they may be used to access charity databases, and they may be needed to log in to accounts which require users to enter a code which is sent by text to the device.
Tools to secure lost mobile devices:
Mobile device management software. Find My Device and Find My (formerly Find My iPhone) are two free mobile device management tools for Android and Apple devices respectively which allow users to remotely lock a lost or stolen phone, or even to delete all the information stored on it.
The device may still be at risk until the remote commands are issued, so it is important that mobile device users activate their devices’ automatic lock feature. This will prevent anyone finding a smartphone from accessing it without first providing a PIN, password, fingerprint, or facial recognition image.