Protect your Charity from Cybercriminals

There are three main types of attack used against small charities: ransomware (malware), phishing and identity theft.

  • Ransomware is a type of malware that threatens to publish your organisation’s data or block access to it unless a ransom is paid.
  • Phishing is a form of fraud in which a cybercriminal pretends to be a reputable company, charity or person in an email in order to gain access to sensitive information or to get someone to open a malware link.
  • Identity theft in this context is where a cybercriminal impersonates an organisation, or a worker from that organisation, in emails or online in an attempt to get supporters of that organisation to reveal sensitive information or open a link.

How to protect your charity

Identify the information that is vital to the running of your charity. This could be supporter info, bank details, volunteer details etc. Make sure this data is backed up regularly so that you can recover a recent version of it in case of a ransomware attack. To find out more about how to back up your data, visit https://www.ncsc.gov.uk/collection/protecting-bulk-personal-data

Make sure antivirus software is installed on your computers and check that it is turned on.

Update your software regularly. Set your devices to automatically update so you are always running the latest version of the software.

Strong passwords are one of the easiest ways to protect your data and systems from cybercriminals. Passwords should be easy to remember and hard to guess, so overly complex passwords are not essential. For example, P4$$W0rd is one of the easiest to guess despite being quite complex. A password should be unique to you, different for each account or service, and not shared with anyone. For advice on how to create a strong password, visit https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0

Phishing Attacks

Be cautious when responding to emails to avoid falling victim to a phishing attack. Some tips to spot phishing emails include:

  • Many phishing scams originate overseas and often the spelling, grammar and punctuation are poor. Others will try to create official-looking emails by including logos and graphics. Is the design (and quality) what you'd expect from a credible, large organisation?
  • Is it addressed to you by name, or does it refer to 'valued customer', or 'friend', or 'colleague'? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
  • Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.
  • Look out for emails that appear to come from a high-ranking person within your organisation, such as a trustee or manager, requesting that a payment be made to a particular bank account. Look at the sender's name. Does it sound legitimate, or is it trying to mimic someone you know?
  • If it sounds too good to be true, such as a large donation in return for banking details, it probably is. It's most unlikely that someone will want to give you money, or give you access to some secret part of the Internet.

The National Cyber Security Centre has published a cyber security guide for small charities which is available here https://ncsc-content.s3.eu-west-1.amazonaws.com/Cyber%20Security%20Small%20Charity%20Guide%202.pdf