Now that’s not a phrase that anyone would want to hear but it could be one that a charity experiences if they become a victim of a DDoS (Distributed Denial of Service) attack.

DDoS attacks are on the increase and although a charity might not seem to be the first choice for a cybercriminal, they might get caught in the crosshairs for a number of reasons such as disagreeing with policies/tactics, a personal grudge against a member of staff or for purely monetary purposes.

What is a DDoS attack?

This is where so much traffic gets directed to your website that your site becomes overwhelmed and legitimate users can’t access the site’s resources, effectively stopping your website from working.

Think of it like a traffic jam. If everyone you know tried to get to your house at the same time only the first few cars are likely to be able to make it. The ones at the back who left 5 minutes later have no chance in reaching your front door and speaking to you.

DDoS attacks usually present themselves as a slowing or crashing of your network or website, which costs time, money and reputation.

Can you protect yourself from these attacks?

DDoS attacks are notoriously difficult to prevent as the attackers don’t need internal access to the network and the attack is from the outside focused inward. But the key points for protection to remember are:

1. Know your network's traffic. A free tool that we can recommend here is Police CyberAlarm | The Eastern Cyber Resilience Centre (ecrcentre.co.uk)
2. Create a Denial-of-Service Response Plan within your incident response plan Tools | Eastern CRC (ecrcentre.co.uk) – one of the areas covered within the Cyber Essential (CE) Program
3. Make your network resilient and practice good cyber hygiene – using CE principles
4. Scale up your bandwidth. The greater the bandwidth the more effort a DDoS attacker will have to make to crash your site. Moving your operation to the cloud may help.
5. Take advantage of anti-DDoS hardware and software. Speak to your Managed Service Provider (MSP) if you have one.
6. Make sure all staff know the symptoms of an attack and respond quickly to it using your plan.

Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.

You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.

We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.