Hijacking a charity’s social media channel gives a criminal instant reputation and the ability to collect funds for their own pockets rather than for those the charities are set up to protect.
And criminals aren’t using the most sophisticated and technical strategies to get into systems; they are logging in, using employees’ own passwords.
According to Verizon, 80% of hacking-related breaches are linked to passwords, making them a key target.
Most people have a company email address which is going to be something like jo.bloggs@mycharity.co.uk and this is frequently used as the username as well. So, with a little bit of research most people could figure out someone’s username.
Passwords are a little bit harder to guess, but research has shown that we are creatures of habit and there are a few things we all seem to do.
Criminals can create lists of these common passwords and then try username/password combinations to gain access to your systems.
But they don’t just create these lists themselves; they harvest previously known passwords from other criminals’ data breaches, which is why the last statistic above is particularly important. If a password ends up as part of a data breach, then you must assume that everyone knows it, meaning you can’t use it anymore.
No.
According to the Cyber Security Breaches Survey 2022, 57% of charities have a password policy that ensures users set strong passwords. But that means that 43% of charities don’t!
And only 19% of charities say that they have had training or awareness raising sessions on cyber security in the last 12 months.
So how are your employees and volunteers supposed to know what a strong password looks like, if you aren’t telling them, or giving them the tools to enable them to follow best practice?
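One way to give users that feedback at the moment a password is set, shown as an added example rather than code from the original article: it rejects passwords that are on a common list, appear in a breach list, or are built from the guessable parts of an address such as jo.bloggs@mycharity.co.uk. The function names, the 12-character minimum and both lists are assumptions, and the list entries are constructed samples.

```python
import hashlib

# Constructed sample data, not taken from any real list or breach.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1"}
# Breach lists are commonly held as SHA-1 digests so the plaintext
# passwords never need to be stored by the organisation checking them.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("Summer2022!", "Charity123")
}


def identity_tokens(email):
    """Split an address into the words an outsider could guess from it."""
    local, _, domain = email.lower().partition("@")
    parts = local.replace("-", ".").replace("_", ".").split(".")
    parts.append(domain.split(".")[0])  # organisation name from the domain
    # Very short fragments (e.g. "jo") would match too many passwords.
    return {p for p in parts if len(p) >= 3}


def screen_password(email, password, min_length=12):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    lowered = password.lower()
    if len(password) < min_length:  # min_length is an assumed policy value
        reasons.append("too short")
    if lowered in COMMON_PASSWORDS:
        reasons.append("common password")
    if hashlib.sha1(password.encode("utf-8")).hexdigest() in BREACHED_SHA1:
        reasons.append("seen in a breach")
    if any(token in lowered for token in identity_tokens(email)):
        reasons.append("contains name or organisation")
    return reasons


if __name__ == "__main__":
    user = "jo.bloggs@mycharity.co.uk"
    for candidate in ("password", "Summer2022!", "Bloggs-forever-2024",
                      "teapot-gravel-lantern-orbit"):
        print(candidate, "->", screen_password(user, candidate) or "accepted")
```
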
The Eastern Cyber Resilience Centre is a not-for-profit organisation, run by policing, with the intention of increasing cyber resilience of SMEs and third sector organisations within the East of England.
Our members can benefit from a range of services, from helping you improve your cyber resilience through our “little steps” programme to being notified about the threats relevant to you.
Why not join our community today?
It’s completely free, with no strings or sales pitches attached.
Policing led – business focused.