
Avoid giving cyber criminals a spare rod and bait to reel in your charity's data

Charities, by their very nature, hold a huge amount of information that is attractive to hackers. The information held by charities often includes personal, sensitive, and financial data that, when in the hands of a cyber criminal, can be sold, held to ransom, or used to steal funds.

Cyber criminals often get hold of this information via the infiltration of malware on a computer system or electronic device such as a smartphone or tablet. Malware is software that is specifically designed to disrupt, damage, or gain unauthorised access to a computer system or device.

Ransomware is a type of malware that is designed to block access to a computer system until a sum of money is paid. If your charity falls victim to a ransomware attack, the cyber criminals behind it will threaten to publish your charity’s data or perpetually block access to it unless a ransom is paid. If a ransom fee is paid, there is no guarantee that data will ever be returned to you.

Another method that cyber criminals will use to obtain information is phishing, not to be confused with fishing and being stood on a river bank with bait and a rod. However, the principle of hooking something valuable is applicable.

The Cyber Security Breaches Survey for 2021 revealed that phishing is the most identified cyber-attack for charities. Among the 26% identifying any breaches or attacks, 79% had phishing attacks, 23% were impersonated and 17% had malware (including ransomware).

Phishing is when your employees are contacted by email, telephone or SMS by cyber criminals posing as a legitimate person or organisation. The fraudulent company or individual will then lure employees into providing sensitive data such as personal information, banking and credit card details, and passwords.

The NCSC’s guidance for charities will help you take action to protect your charity from malware attacks. Here are some basics you can action today to get things started:

1. Backing up your organisation's data correctly

2. Protecting your organisation against malware

3. Keeping the devices used by your employees secure

4. The importance of creating strong passwords

5. Defending your organisation against phishing

View the full Small Charities Guide from the National Cyber Crime Centre


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published in this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.
