What Small Charities need to Know to Protect against Ransomware Attacks

_ National Cyber Security Centre_


We’ve all seen the headlines- big businesses and even the NHS have been targeted by cyber criminals, encrypting their entire systems and demanding a ransom. But you’re not big enough for criminals to be bothered with, right?!


Actually, over a quarter of charities experienced a cyber attack in the last twelve months, and small organisations that lost data or assets in an attack reported an average loss of over £8000 as a result (1)


Cyber criminals find a way to get into a network or computer most commonly through phishing, brute force password-guessing, or finding a vulnerability that hasn’t been patched. (patching is how updates fix any weak-spots in the system)


Then, once into the network, they get as much access as possible, deleting or encrypting back-ups they find along the way.


They might have been inside your network or computer for several days before you find out anything about it, and if they manage to find sensitive data they might even upload it to potentially share on the Dark Web. They will typically run their ransomware on a Friday evening, so they get more time to encrypt everything before anyone notices.


Then, on Monday morning…





Ransomware attacks have the most devastating impact to their victims. You can’t stop 100% of attacks, but there are some things you can do to cut your chances of it happening to your charity, and reducing the impact if it does ever happen to you.


Back-Up On to the Cloud

Make sure you have at least one back-up of the data you care about, separate to your network. Cloud storage, or backing up on to any storage device you can then disconnect will help. If you are then a victim of a ransomware attack, it will really help you to recover.


Turn off Remote Desktop Protocol (RDP)

Working from home can have its advantages, but it can make you more vulnerable to ransomware attacks, especially via Remote Desktop Protocol. Not sure what this is? Well, it's the procedure used to help people access your network remotely, which has been particularly essential since the beginning of the pandemic. Even if you don’t use RDP, it may be automatically enabled so you really do need to check. If you aren’t sure how to do this, the NCSC’s Early Warning service can let you know (see more details below).


Half of all ransomware attacks have been successful by getting access through RDP, so it is really important that you find safe ways to work from home.


If you can’t function without using RDP, make it harder to get through by using multifactor authentication MFA Guidance, and encourage everyone to use strong passwords Three Random Words

Patch Patch Patch

If possible, ensure that everything that connects to your network automatically downloads updates. We know updates can be a pain, but they're really useful as they patch up vulnerabilities that criminal can use to access your data and sensitive information. If you have members of staff using their own laptops or devices, make sure that they update these regularly to ensure that they have the same level of protection



Get Everyone Cyber Aware

The Top 2 ways that criminals get into networks are via phishing messages, or by hacking passwords and getting in remotely.


If a staff or volunteer member clicks on a dodgy link or uses their cat’s name as their password, you’re making life much easier for those criminals. However, we are all human and it can happen, so encouraging an open and honest culture will mean they are more likely to report if anything looks suspicious.


This free training is perfect for smaller charities, and you can share it with all volunteers and staff members Top Tips for Staff e-learning


For larger organisations, this free training for staff and volunteers will give them the information they need to understand more Cyber Security for Small Organisations


Use NCSC Free Tools

Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not a