In October this year, on the run up to Charity Fraud Awareness Week, the Charity Commission released a report on the state of charity cyber security in the UK. It did not paint a very positive picture

• One in eight charities (12%) had experienced cybercrime in the previous 12 months.
• Only 24% having a formal policy in place to manage the risk
• Over half of charities (51%) held electronic records on their customers, while 37% enabled people to donate online.
• Only a third (34%) of affected charities reporting breaches when they occurred.

Amie McWilliam-Reynolds, Assistant Director Intelligence and Tasking, from the Charity Commission said:

"Online financial transactions, and online working generally, present a great opportunity for charities – whether in engaging supporters, raising funds, and streamlining their operations. This was demonstrated in particular during the pandemic, when the longer-term move away from cash to online fundraising accelerated.

But online financial transactions and the collection and storage of personal data also harbour risk, and we are concerned that some charities may be underestimating that risk and are therefore exposing their charity to potential fraud."

She added

"We hope that projects like Charity Fraud Awareness Week help raise awareness among trustees and charity staff of the risks they may face, and of the advice and guidance available to support them in protecting their charity from fraud."

These findings and comments are not from the Cyber Security industry but from the organisation that regulates and supports the whole charity sector – the bottom line is that doing nothing is not an option, so you need to do something now. And for all charities in the region, joining the Eastern Cyber Resilience Centre – a police led company - should be right at the very top of your list.

Timeline for change – 90 days to protect your charity

January is the perfect month for all of us to turn over a new leaf and set some new targets for ourselves and the organisations in which we operate. So set yourself a realistic 3-month target to bring in real change into your organisation. Identify someone (or a number of people) within the charity to take the lead in all things cyber and fraud and get the ball rolling now.

January 2023

• Join our community for free . You will be supported through implementing the changes you need to make to protect your organisation.
• Start the free Little Steps program which will help you identify your current vulnerabilities and offer guidance about how you can make yourself more resilient online. And it prepares you for Cyber Essentials (see later)

February 2023

• Make yourself aware of the free tools and services that you can access through the centre, such as the Small Charity Guide
• Keep going with Little Steps
• Contact us to speak about how you can access free services through our connections with local policing. Our regional Police Protect teams can provide you with free staff awareness sessions and other services. Or have a look at our in-house staff awareness training package – spotting a phishing e-mail early will prevent a lot of pain further on down the line. This is a high-quality affordable service provided by our own trained undergraduate cyber students.

March 2023

• Take a look at the First Step Web Assessment service and find out what you need to do next to make your charity a no-go zone for cyber criminals. This service is aimed at anyone with a website, and particularly those with an e-commerce portal. Protect yourself and your customers from scammers and fraudsters!
• Keep going with Little Steps – you’ll be approaching the end of the initial program, at which point you may wish to speak with one of our partners to become Cyber Essentials accredited. This government backed scheme reduces the likelihood of falling victim to a cyber attack by more than 60% and comes with a free cyber insurance bundle worth £25000.

And the rest of the year…

As a member of our free community, you will receive regular threat updates, invites to webinars, events, and blogs and much more.

We know that running a charity or a business isn’t just about cyber security, but it needs to become a priority in order to protect the important work that you all do.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).