Cyber security is important for charities. Just as for businesses, a cyber attack can cause financial devastation and severe reputational damage.
It is reported that 98% of charities rate cyber security as ‘important’ and over 50% believe they are likely to fall victim at some point.
Worryingly, despite recognising the importance of cyber security, a recent survey found that charity leaders ranked it no higher than the third biggest priority in their organisation.
Why is the charity sector vulnerable?
Dealing with money and high volumes of valuable data, charities face the same cyber security risks as private sector organisations but could be easier to breach. Here are some reasons why:
- Many charities feel reluctant to spend money on cyber security measures ahead of front-line charitable work. A recent survey found that charities are less likely to employ into technical roles than businesses.
- Many charity workers are employed part-time which can impede their ability to absorb cyber security procedures.
- Research has shown that 64% of charities rely on staff using their own IT devices.
- Due to low income, charities are less likely to have cyber security insurance making the impact of an attack far harder to recover from.
The key cyber security threats for charities
The main methods of cyber attack charities need to remain vigilant for are not dissimilar to the threats posed to private organisations but may be perceived differently:
Phishing – through scam emails, SMS or phone call, hackers can influence victims into clicking malicious links or divulging sensitive information. The trusting nature of the charity sector and its volunteers can make these phishing attacks more successful than in other industries.
Fake websites – in 2021, £1.5m in donations was lost to fake charities. Although this method targets the public, charities suffer as they lose the trust of donators.
Ransomware – just as big a threat in the private sector as the charity sector, ransomware attacks are reported to be the most harmful threat in the UK today. Hackers will usually encrypt files and demand a financial ransom in exchange for their release. This technique is continually evolving and is now offered as a service (RaaS) by criminal groups to enable those less skilled to carry out the attacks too.
In 2022, the charity that underpins the Edinburgh Fringe Festival fell victim to a ransomware attack costing £95k despite cyber security measures working to minimise the impact.
How can charities improve their cyber security?
As the charity sector increasingly depends on technology and fundraising activities move online, the vulnerability of charities becomes more apparent. But there are steps that can be taken to protect them that won’t cost the earth.
#1. Consider the cloud for your data backups.
Backing up your data on the cloud can increase your cyber security tenfold. Not only is it harder for cyber criminals to access data stored on the cloud, but if you were to fall victim to an attack, your data could be restored quickly and easily – ransom demand or not.
#2 Keep all your IT up to date (patch management)
We know it can be frustrating when your device needs to update, but patching is essential for cyber security. As a proactive IT support provider, at Jupiter IT we provide patch management as standard with all of our support contracts – big or small. This means we’ll initiate all your software updates and do them at a time that’s convenient.
#3. Don’t use old IT equipment
Using old devices can be like leaving the door wide open and putting the kettle on to welcome a hacker. If you’re operating old systems, the chances are they are no longer supported with security updates. The thought of renewing your hardware can be financially intimidating but the impact of a cyber attack is likely to cost far more.
#4. Keep your smartphone safe
You probably don’t see your smartphone as a computer but if you access emails, store payment methods or even colleague contact details on it, it’s a vulnerability. Be sure your security settings are adequate with password protect switch on, remote data erase enabled, and updates maintained.
#5. Cyber security awareness training
With most charity workers and volunteers working part-time, keeping everyone updated cyber security risks and processes can be tricky. However, cyber security awareness training is important for the organisation and for them as individuals.
A communication platform, like Teams, is a great way to do it. It offers instant messaging and video calling for free, as well as other capabilities that make group communication simple.
More cyber security guidance for charities
For more tips and advice on cyber security for charities, The National Cyber Security Centre (NCSC) has pulled together a straight-talking guide for small charities with tips on how to tighten security quickly, easily and at low cost.
And if you’re looking for longer-term support, feel free to give us a call. We specialise in cyber security in both the private and charity sector and pride ourselves on your jargon-free, tailored advice.