Charities play a crucial role in our society and in every community and must protect themselves from the potentially “devastating” consequences of cybercrime, NCSC warned in a Cyber threat report on the UK Charity sector published last week. Charities would be more vulnerable to cyber crime than private firms and public bodies if overstretched staff and volunteers did not have time to “absorb security procedures”.
Helen Stephenson – Chief Executive, Charity Commission for England and Wales – advises that taking steps to stay secure online is not an optional extra for trustees, but a core part of good governance.
With a combined annual income of £83.8bn, you can understand why they are such an attractive target. The charity sector faces the same cyber risks as private sector and government organisations, but there are some reasons why charities could be particularly vulnerable to cyber attack.
Like any other organisation, charities are increasingly reliant on IT, and cyber criminals make no distinction between charities and business. They often rely on supplier organisations to handle financial transactions, or to provide technical support. Even if a charity is not targeted, these organisations in their supply chain may be.
Cyber threats may not come from direct attacks on charities, but they could still be affected. It is common, especially for smaller charities, to outsource the responsibilities for running, maintaining, and securing their IT and data to specialist support companies.
Charities may also share data with external organisations and cyber criminals and other groups may be able to gain access to charities’ networks and/or information through these companies.
Key takeaways on how to improve your charity’s cyber security
- Read and implement the NCSC’s guidance that has been especially created for charities
- Improve your staff (and volunteers’) cyber awareness by using the NCSC’s staff training resources
- Consider using the NCSC’s Active Cyber Defence services, which can provide a range of automated protections, free of charge, to charities
- Make sure the charity’s board understands its responsibility regarding cyber security, and knows what questions to ask National Cyber Security Centre 13
- Use Cyber Essentials, a government-backed scheme that will help protect your organisation from cyber attacks (and convince potential donors that you take cyber security seriously)
Methods is part of NCSC’s Cyber Essentials Scheme, provided through the IASME Consortium, able to assesses organisations’ ability to protect themselves from the most common cyber threats, and reassures their stakeholders that cyber security is taken seriously.
If you would like more information on how we can help, then please contact us to have a conversation.