In today's interconnected digital world, the risks of data breaches and cyber threats loom large. These risks spare no one, not even altruistic organisations like charities. If anything, cyber criminals look at charities and not-for-profits as an easy target. They often hold very sensitive data, such as beneficiaries’ health data, or financial details of donors and supporters. They are also often under-funded, under-resourced and insufficiently trained to shield themselves from attack. 30% of UK charities reported cyber-attacks in 2022.
For charitable organisations a cyber-attack isn't just a technological setback; it can undermine the very essence of their existence. Beyond tangible financial losses, the erosion of trust from donors, beneficiaries, and the broader public can be monumental. Given this backdrop, here's a look at how charities can fortify their cyber defences and ensure they can continue to provide the services and support that are needed now more than ever.
Understand the Risks: To combat a foe, one must first understand it. Charities should be aware of the myriad cyber threats out there, from the deceptive phishing emails to the crippling ransomware attacks and insidious data breaches. Recognising and categorising these threats is the first step towards building a customised defence strategy. The National Cyber Security Centre has produced a guide for small charities.
Regular Training & Awareness: Knowledge is the cornerstone of defence. Schedule cyber awareness training for new starters and regular refreshers for those already trained. Beyond just imparting knowledge on cyber hygiene, this training should instil a sense of responsibility and vigilance in every individual. The risks of engaging with dubious links, the significance of robust, unique passwords, and the broader implications of a breach should be emphasised. It is much easier for criminals to gain access to your data by targeting your workers and 95% of successful cyber-attacks involve a significant element of human error.
Update & Patch Regularly: Technology is ever-evolving, and with each update, previous vulnerabilities get patched. Charities must be proactive in ensuring all their software and digital tools are current. Hackers and criminals thrive on exploiting out of date software, so this simple measure can prevent a multitude of potential assaults. This is one of the most important actions you can take to keep your charity safe online.
Implement Multi-Factor Authentication (MFA): MFA is like adding an extra bolt to your door. It demands multiple verifications before granting access. So, even if a criminal gets hold of a password, MFA stands as a formidable barrier, denying unauthorized access.
Backup Data: The importance of backing up critical data cannot be stressed enough. Establish a routine where essential data is periodically backed up both offline and in a secure cloud environment. Should there be a cyber incident like a ransomware attack or data corruption, these backups are your safety net.
Limit Access: Adopt a 'need-to-know' policy. Not everyone in your organisation needs access to all data. Implement role-based access controls to ensure that staff and volunteers only have access to the information they need.
Employ a Firewall: A firewall is a computer network security system that restricts internet traffic in, out, or within a private network. Think of firewalls as digital guards scrutinising incoming and outgoing traffic, ensuring malicious agents are kept at bay. Search online for details of free firewalls.
Anti-Virus Software: Where a firewall looks to keep anything malicious from getting access to your systems, anti-virus software detects anything that has got through and eliminates it before it does any harm. With the increase in home working and many charities allowing staff and volunteers to use their own devices, there is a heightened risk that their devices could become infected through poor cyber controls, subsequently infecting your charities systems and providing access to cyber criminals. Always encourage your workers to install anti-virus software on their own devices as there are many free packages available.
Use Secure Payment Systems: For donations or any financial transactions, use trusted and secure payment gateways. Avoid storing financial data unless absolutely necessary and always ensure it's encrypted. Details of how to encrypt your data can be found online.
Regular Security Audits: Periodically review and assess your charity's cyber security measures. Regular audits can identify vulnerabilities before they're exploited.
Establish a Response Plan: Hope for the best, prepare for the worst. Despite best efforts, data breaches and successful cyber-attacks can still occur. Have a well defined response plan in place. This ensures that, in the event of an incident, the charity can act promptly to mitigate damages and notify affected parties.
Stay Informed: Cyber threats are continually evolving. Stay informed about the latest cyber threats and trends. Subscribing to cyber security news sites or joining forums can be a good start.
Collaborate & Share: The charity sector is a community. Collaborate with other charities and organisations. Sharing experiences and insights can provide valuable lessons and preventive strategies that everyone can benefit from.
Conclusion: Cyber security is not a one-time initiative but an ongoing commitment. While it might seem daunting, especially with limited resources, the consequences of neglecting this are far graver. By embracing these best practices, charities and not-for profits can continue their invaluable work, knowing they are safeguarded against the digital threats of the modern age.
Take a look at our cyber awareness training today: VSL Learning’s cyber security awareness eLearning training will provide your charity workers with non-techy practical steps that they can take immediately to significantly reduce the risk of your organisation being hit by a successful cyber-attack. Our training is designed and priced specifically for charities. Find out more at https://www.vslcompliance.com/cyber-security-charities.