Cybersecurity For Charities: Protecting Against Phishing And Other Cyber Threats

In the run up to Cyber Awareness Month this October, a ransomware attack on Save The Children has highlighted the threat to charities from hacker groups and malicious individuals. In September 2023, the ransomware gang Brian Lian stole 6.8 TB of data, including sensitive financial, health and medical data, and email messages from the children’s charity.

In today's digitally connected world, charities play a pivotal role in making a positive impact on society. Yet, as they rely increasingly on technology for fundraising, donor management, and communication, they become prime targets for cyber threats. In this blog post, we'll explore the realm of cybersecurity in the context of charities, with a focus on the ever-present danger of phishing and other cyber threats.

WHY CHARITIES ARE AN ATTRACTIVE TARGET FOR PHISHING ATTACK?

These organizations handle sensitive information, making them attractive targets for cybercriminals who seek to exploit vulnerabilities.In April 2023, several Northern Ireland based charities were impacted by a cyber-attack on Derry IT, an IT firm which manages data for approximately 140 organisations in Ireland and Britain. Among those whose data was compromised were several who work with victims of sexual crime.

Cybercriminals often deploy phishing attacks against charities. These malicious campaigns involve deceptive emails or fraudulent websites designed to trick employees or volunteers into revealing sensitive information or transferring funds unwittingly. Charities are particularly vulnerable to phishing attacks due to their online presence and continuous engagement with donors and supporters. Falling victim to phishing can result in severe consequences, including financial losses, reputational damage and legal consequences.

Ransomware is another significant threat. Malicious software that encrypts data and demands a ransom for its release can cripple a charity's operations. Without access to critical data, such as donor information or financial records, charities may struggle to function effectively.

While most employees of charitable organizations are dedicated and trustworthy, insider threats are another risk charities must mitigate against. Disgruntled employees or volunteers with access to sensitive information can pose significant risks.

Securing Your Charity Against Cyber Threats According to the Cyber Security Breach report 2023, just 27% of charities have completed a cyber risk assessment in the last 12 months, and only 17% of charities have trained staff in cyber security.

By implementing the steps below, you can help keep your charity secure.

REVIEW AND IMPLEMENT BASIC CONTROLS

Putting basic cyber security controls, such as cyber essentials certification can help you lay the foundation for a strong cyber security posture. Cyber Essentials is a free UK government backed scheme that helps organisations start to think about cyber security, what they already have in place and how they can strengthen their cyber security measures.

EDUCATIONAL EMPOWERMENT

Provide cybersecurity education for all personnel involved with your charity. Teach them to recognise phishing attempts and stress the importance of secure password practices.

KEEP SOFTWARE CURRENT

Maintain up-to-date software, including operating systems and dedicated security software, to patch known vulnerabilities.

EMBRANCE ENCRYPTION

Encrypt sensitive data during both transit and storage. This safeguards your information against unauthorised access and theft.

CONTROL ACCESS

Implement strict access controls to limit who can access sensitive data. Ensure that employees and volunteers have only the access necessary for their roles.

BACKUP AND RECOVERY PLANNING

Establish robust backup procedures and a solid disaster recovery plan. These preparations enable swift data restoration in the face of ransomware attacks or data breaches.

PREPARE FOR INCIDENTS

Develop a comprehensive incident response plan outlining actions for several types of cyber incidents. A well-structured response can mitigate the damage inflicted by an attack.

Charities serve as beacons of hope in our society, making a significant difference in the world. Nevertheless, in this digital age, they confront substantial cybersecurity challenges, particularly concerning phishing and other cyber threats. By proactively securing their data and systems, charities can continue their vital work while minimising the risks posed by cybercriminals. Like any other organisation, remaining vigilant and prioritising security should remain a priority in the face of ever evolving digital dangers.

If you need support or advice with your cyber security, you can contact us for a free consultation call. You can also explore our subscription options or our individual services such as cyber essentials certification here.