Help protect your charity online
On a very snowy day in London at the beginning of March, the National Cyber Security Centre (NCSC) launched Cyber Security: Small Charity Guide at The FSI Skills Conference. We were thrilled with the response, particularly the rush to collect a guide after the plenary speeches.
One of the most common questions we are asked when we attend events to talk about the guide is why small charities should prioritise this over all the other things that need to be done, from delivering your services, balancing the finances and managing staff and volunteers to implementing GDPR… the list goes on. Ultimately it’s for you and your trustees to decide on your priorities, but we hope this blog and guidance will help you see how important, but also how simple and free or low cost, it can be to improve your charity’s cyber security.
“We’re trying to cure cancer, why would anyone attack us?”
In the UK, you’re now 20 times more likely to be robbed while sitting at your computer than in the street. We don’t mean you need to keep one eye on your colleagues trying to pickpocket you; it’s the criminals around the world who are only a computer cable away that you need to be wary of. While our assessment of the threat to charities didn’t find any new or existential threats to charities, it did find that many charities, big and small, are falling victim to a range of attacks that are also affecting businesses and citizens alike. What we do know is that cyber criminals generally don’t distinguish between the private sector and charities: money is money at the end of the day.
There have been a number of publicly reported attacks against charities over the last year or so. We’ve picked a couple to show you how charities are being affected:
A small charity lost £13,000 after an email purporting to be from the CEO was sent to the finance manager instructing them to release the funds. This kind of attack is incredibly common, and plays on our human instinct to be helpful. Most people receive fraudulent or ‘phishing’ emails on a regular basis; some are filtered out by anti-virus or spam filters, but some do get through. By taking a couple of seconds to check that an email is legitimate, you could save yourself a lot of money if it turns out not to be.
At the other end of the spectrum from the example above, the summer of 2017 saw a series of local hospices in the North of England and Scotland suffering huge losses, of up to £500,000 in one case, after being tricked into transferring the money to criminals. A loss of that size could be devastating to a small charity, particularly at a time when budgets are already tight.
And finally, probably the best-known cyber attack of 2017 was WannaCry. You’ll probably remember it as the attack which nearly “crippled the NHS”. However, it was much more widespread than that: in total over 400,000 machines fell victim to the attack, ranging from big multinational companies and the NHS to local hairdressers and, importantly, charities of all sizes. An update with defences for this attack was released by Microsoft 59 days before it started; if everyone had made sure updates were being installed regularly, this attack would never have become as widespread as it did.
Simple and free or low cost – helping protect your small charity
We know that charities have numerous competing priorities for their time and money, which is why the Cyber Security: Small Charity Guide has 5 simple and free or low cost steps which you can take to significantly improve your charity’s resilience. They are:
- Backing up your important information and data
- Ensuring you have strong passwords and are storing them securely
- Protecting your mobile devices, such as laptops, tablets and mobile phones
- Avoiding phishing attacks, where people trick you into clicking on links or opening dodgy attachments
- Protecting your charity from malware by turning on antivirus and other protections
The guide talks you through each of these 5 steps, giving you straightforward actions to take, which can be as simple as ‘install and turn on anti-virus’ or ‘make sure you install updates on your phone or tablet’.
Following the steps in the guide will make a substantial improvement to your small charity’s cyber security. By doing so, you are not only protecting the charity’s assets but also showing your supporters and beneficiaries that you take the security of their data and donations seriously.