The last 18 months has brought on some major challenges for everyone across the charities sector. While so many charities have moved their staff to remote working and become more digitally aware, sadly, we face more challenges from criminals operating online.

Staying secure online should be a priority for every charity. To help you keep on top of important security measures and keep your data out of the hands of hackers. We’ve developed this three-step security checklist to start your cyber security journey and help secure your data.

1. Review your Privacy Settings
2. Keep your email account secure
3. Keep devices secure when working from home

Review your Privacy Settings

This is very important to avoid exposing unnecessary information about you or your charity. It’s prudent to revisit your devices and social media account privacy settings and make sure these settings are in line with any security & device policies you have in place.

Privacy settings for Devices:

If you've just bought a new device, or haven't looked at your security settings for a while, you should take some time to make sure you're protected against the latest threats. Fortunately, most manufacturers provide easy-to-use guidance on how to secure your devices.

• Apple
• Google (Android)
• Samsung
• Microsoft

Privacy settings for Social Media:

• Facebook: basic privacy settings and tools
• Twitter: how to protect and unprotect your Tweets
• YouTube: privacy and safety
• LinkedIn: account and privacy settings overview

Keep your email account secure

We found that email account compromise was the most common breach against charities in the North West and phishing is the most commonly identified cyber attack against charities. So keep your email account secure with the following tips:

• Make sure you have 2-Step Verification enabled on your accounts.
  • Update your recovery phone number and email address.
• Make sure you have a strong, unique password on all your email accounts - don’t reuse the same password on multiple accounts!
• Remove or disable any unused browser extensions.
• Never give out your passwords - An email provider will never ask for your password in an email, message, or phone call.
• Check any suspicious emails.
  • Do the email address and sender name match?
  • Are there spelling and grammar errors?
  • Does the email contain a veiled threat that asks you to act urgently?
  • If it sounds too good to be true, it probably is.
  • Forward any suspicious emails to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk

Keep devices secure when working from home.

• Set your updates to install automatically - keep your browser, operating system and apps up-to-date.
  • Remember to remove or disable any unused apps.
• Make sure you are locking your screens if you are leaving your device left unattended.
• Keep a backup of any important data in the cloud or use a removable storage device.

Top Tip - When browsing a website, make sure the page is secure by checking that the web address begins with ‘HTTPS’ (‘s’ is for secure) and there’s a closed padlock in the address bar. This means that the page is secure, but the site could still be operated by fraudsters.

For further information regarding the help and support, we can offer your charity or voluntary organisation you can view our dedicated page for charities. Don't forget you can sign up for free Membership today and if you have any questions, contact us today.