Charity Cyber Security

In 2021, one in eight charities (12.5%) were victims of a cyber-attack according to a survey of 2,330 charities across England and Wales conducted by IFF Research.

The pandemic meant that charities were forced to gravitate towards online fundraising methods to enable them to continue operating during this time. In turn, this has increased charities’ exposure to cybercrime.

Less than a quarter of charities have a cyber security policy in place

Despite the fact that charities are more exposed to cyber threats as a result of the pandemic, the survey found that only 24% of charities had a cyber security policy in place to help prevent a cyber-attack. The Charity Commission has said that charities’ digital footprints will only continue to grow as the world becomes more digital which will increase their vulnerability to cyber-attacks. Just over half of the charities, (55%) said that cyber security is a fairly or very high priority. Importantly 51% hold electronic data records on customers.

The most common types of cyber-attacks that charities experienced were phishing and impersonation attacks. This is where the cybercriminal will impersonate an individual at an organisation via email in order to gain personal information.

Cyber security policies are a must-have

Implementing a cyber security policy should be a priority for charities and should not be near the bottom of the ‘to do’ list. Being exposed to a cyber security breach can be damaging to your organisation’s finances and reputation. During the pandemic, charities needed to adapt to remote working to keep up with the accelerated transition from cash to online fundraising. Operating online gave charities the opportunity to continue working during the pandemic and in some cases, it enabled them to operate more efficiently. However, charities moving into the online world does present increasing cyber threats and many charities do not realise how much data they have and how valuable it can be. Unfortunately, many cybercriminals understand how valuable this data is which makes charities more vulnerable to cyber-attacks. It is a common misconception that stealing data from a charity is unconscionable. This could explain why some charities may underestimate the importance of cybersecurity. However, most cybercriminals are only after monetary gain which is why it is more important than ever for charities to implement good cyber security practices to help reduce any exposure to potential cyber-attacks.

Training and awareness

A key element of cyber risk reduction is regular cyber security training and awareness courses. There are many of these online, including free options. Another widely used training method is the use of simulated phishing emails which are realistic but non malicious emails sent to staff to help create awareness, and reinforce training through regular reminders of the email phishing risks and how to assess them. When used as part of training rather than an attempt to “catch people out”, this can be very effective in reducing cyber risk and creating a good security awareness culture.

How can we help?

At Hawsons, we understand the importance of cyber security to all organisations. This is why we help our clients implement their own cyber security management system into their organisation. If you would like to find out more about this service, please visit our website at: https://www.hawsons.co.uk/cyber-security/