The Charity Commission recently revealed that charities have reported being victims of fraud or cybercrime 645 times, resulting in £3.6 million total losses since the UK went into lockdown in March. However, due to cybercrime being unreported, the total loss is thought to be significantly higher.
More concerning are the findings of a recent survey by Ecclesiastical Insurance, which reported that just half (52%) of the 200 charities they surveyed have a cyber security plan in place.
Charities by their nature tend to be very trusting and don’t always realise the value of the personal data they hold. With more and more charitable donations being made online, charities hold a significant amount of personal information including people’s bank accounts and card details. No matter how small or large the charity, they will hold data a cyber-criminal wants to steal.
We know there have been incidents of charities in the West Midlands region being targeted, so having a cyber security plan in place is absolutely essential. Whilst the initial cost of a successful cyber-attack can be high, the long-term impact on loss of confidence from supporters of a charity can be devastating.
A recent high-profile case which hit the media affected charities including the mental health group Young Minds, terminal illness charity Sue Ryder, Breast Cancer Now, Crisis and The National Trust.
The breach came via a service provider, Blackbaud, which provides the charities with a service used to raise donations from millions of people. It's feared bank account information and users' passwords were stolen by hackers.
This shows that as well as attacking individual charities, cyber criminals also target organisations that supply charities with various services. When deciding on what services need to be bought in, the cyber security of the supply chain is just as important as that of the charity itself.
Smaller charities in particular rely heavily on volunteer support, and often those volunteers will have access to the charity's systems and files via various digital devices such as their own laptops and mobile phones. A charity may have the best cyber defences money can buy, but it only takes one volunteer or employee to click a link in a suspicious email and the cyber-criminal is in.
Charities can also work with one of the centre's Trusted Partners to achieve Cyber Essentials or Cyber Essentials Plus certification. Cyber Essentials is a simple but effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks. It is also something to consider when appointing suppliers.
Our Head of Cyber Innovation, Hinesh Mehta, suggests taking the following steps to help your charity start to improve its cyber resilience:
· Sign up for our free core membership
· Get your charity Cyber Essentials certified
· Make sure you have a cyber security plan in place
· Provide cyber security training/guidance to all staff and volunteers
· Make sure all your software is up to date and patched
· Download the Small Charity Guide from the National Cyber Security Centre
As well as membership packages, the WMCRC also offers a range of cyber security services including Security Awareness Training, designed for those with little or no cyber security or technical knowledge. The training can be delivered to small groups of charity employees and volunteers and will give them the knowledge and confidence to challenge when something doesn’t look right.
Sign up for a free core membership today and one of our team will contact you to see how you got on with the tools and guidance provided and see what, if any, additional help you might need.