Welcome to our Cyber Security News Aggregator. Cyber Tzar provide a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Charity websites and cyber criminals

published on 2022-07-05 07:31:47 UTC by fionabail
Content:

Websites are essential in today's digital-led world, including for charities.

They have become a portal for supporters to keep up to date with what is going on, a way to obtain donations, and a channel for communicating with those who need help. All of the data that websites generate is precisely what cyber criminals want, and the website is an obvious starting point.


What could a cyber criminal do if they attack a website?

  • Steal data entered by users of the website. This could be login details, sensitive details from enquiry forms or payment details.
  • Change the content. This could be changing telephone numbers to redirect legitimate donors, or causing distress by putting inappropriate content on the site.
  • Upload a virus. If you have a portal which allows uploads, then you could be allowing files with malicious content to be sent to your server which then could infect your system. A ransomware attack on your server could stop your charity from being able to function and then you have the question of whether to pay or not.
https://www.youtube.com/watch?v=oFRaPX1nXDE

Common issues with websites

  1. Weak passwords so criminals just log in to your systems. If you want to know more about what a weak or strong password is, take a look at our short video.
  2. Your website isn’t updated with the latest security patches – criminals know when security patches are released and will look for those sites which haven’t been updated and therefore have a known security issue that they can exploit.
  3. Your website is vulnerable to SQL injection attacks – this is a technique where a criminal places malicious code into SQL statements via web page inputs and could potentially destroy your database!
  4. Your website is vulnerable to XSS (Cross-site scripting) attacks – this is where the criminal compromises the interactions that users have with your website or application.
  5. Your website has insecure direct object references – this is one of the access control implementation mistakes which can lead to access controls being circumvented and a criminal being able to access someone else’s data.
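
To make issues 3 and 5 concrete for whoever builds or maintains the site, here is an added example (not part of the original article or any ECRC code) showing each weak pattern beside its fix. The table, column and function names and the sample records are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: two supporters, one enquiry each.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE enquiries "
               "(id INTEGER PRIMARY KEY, owner TEXT, message TEXT)")
    db.executemany("INSERT INTO enquiries (owner, message) VALUES (?, ?)",
                   [("alice", "Gift Aid query"),
                    ("bob", "Request for support")])
    return db

def search_vulnerable(db, owner):
    # Issue 3, weak: form input is pasted into the SQL text, so a quote
    # character in the input can change what the query means.
    sql = "SELECT message FROM enquiries WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def search_safe(db, owner):
    # Issue 3, fixed: the ? placeholder passes input as data only.
    sql = "SELECT message FROM enquiries WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]

def get_enquiry_vulnerable(db, enquiry_id):
    # Issue 5, weak: whatever id appears in the request is served,
    # with no check on who is asking.
    row = db.execute("SELECT message FROM enquiries WHERE id = ?",
                     (enquiry_id,)).fetchone()
    return row[0] if row else None

def get_enquiry_safe(db, enquiry_id, logged_in_user):
    # Issue 5, fixed: the record must belong to the logged-in user.
    row = db.execute(
        "SELECT message FROM enquiries WHERE id = ? AND owner = ?",
        (enquiry_id, logged_in_user)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("vulnerable search:", search_vulnerable(db, crafted))
    print("safe search:      ", search_safe(db, crafted))
    print("vulnerable lookup:", get_enquiry_vulnerable(db, 2))
    print("safe lookup:      ", get_enquiry_safe(db, 2, "alice"))
```

The two fixed functions can be used as review checks: every query should use placeholders, and every lookup by id should also be tied to the logged-in user.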

What can you do?

  • Speak to your website developer and ensure that security is at the heart of what they build for you.
  • Get a vulnerability assessment. The ECRC offers affordable web application vulnerability assessments. We work with university students who are trained and mentored to carry out the testing and provide you with a detailed report, explained in plain English, so you understand what the risks are and what you need to do to fix them. Find out more here.
  • Make sure everyone involved in your website is using strong passwords and MFA when available.
  • Update your website, including all those little plugins, as soon as possible when a new release comes out. Most sites will have auto-update functionality, so unless advised otherwise, use it so you don’t have to worry about it.

Further Guidance and Support

The ECRC is a police-led, not-for-profit organisation which companies can join for free.

Our free membership provides:

  • Threat alerts both regionally and nationally
  • Signposting to free tools and resources from both Policing and the NCSC
  • Little steps programme – a series of weekly emails, aligned to Cyber Essentials, offering bite-sized practical information to build cyber resilience
  • Discussion area to meet and talk with other companies

We're here to help - join us today.


https://www.ecrcentre.co.uk/post/charity-websites-and-cyber-criminals   
Published: 2022 07 05 07:31:47
Received: 2022 07 05 07:34:56
Feed: The Eastern Cyber Resilience Centre
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security