Disappointingly, and perhaps only somewhat surprisingly, charities are the victims of cyber-attacks almost as frequently as commercial businesses. In fact, according to the Cyber Security Breaches Survey 2021, 26% of charities reported they had a cyber breach in the last six months. As there are currently 169,000 registered charities in the UK, there is the potential for cyber-attacks to happen to a large number of charities (and their Trustees).
There are a few reasons charities are at risk, and are often targeted, by cyber-criminals.
As well as the potential financial cost, lost earnings, and data, the reputational impact of a cyber incident can be severe to a charity. As a consequence, they may well need legal support, technical help with managing the internal and external response to the incident, and reputational management.
Consider the people the charity supports and the potential consequences of that data being in the wrong hands. Let’s consider the example of a successful cyber-attack at a domestic abuse charity, in which stolen data may be used to identify a victim. The victim may then have to move for their safety, which could include children having to move schools, causing further distress and disruption to them. The stolen data may also identify volunteers or employees of the charity, which also puts them at risk (if a perpetrator believes that they are responsible for keeping their loved ones from them).
Of course, not all risk to individuals exposed during a data breach is life-threatening but it’s still important. For example, consider donors to your charity: their personal and/or financial information could be stolen, which could cause disruption and harm to them.
Firstly, educate everyone in your organisation. We can’t emphasise just how important this is given that anywhere from 82% to 95% of all successful cyber-attacks are due to human error. Training against cyber-attacks is the best way to fight against cybercrime after strengthening the general cyber-security of the charity.
Secondly, consider obtaining Cyber Essentials Plus. This is a simple and effective Government-backed scheme, supported by industry experts and the Cyber Resilience Centre Network, that will help you put measures in place to protect your organisation, regardless of size or sector, against a range of the most common cyber-attacks. This includes protecting against threats such as malware, ransomware and phishing.
We can signpost you to one of our trusted partners, who can help you through the process of gaining the Cyber Essentials Plus certification. They are all official providers, registered with the recognised Industry body, IASME, and based locally within the West Midlands. This ensures that you’ll be able to receive high-quality and reliable support in securing the certification. [mi3]
If you’d like to find out more about protecting your charity against the rising threats of cybercrime, or Cyber Essentials, contact us today.
Click to Open Code Editor