Charities are becoming increasingly aware of the target on their backs due to storing personal records and sensitive data and having a lack of funding to put towards cyber security protocols. With this realisation, many are investing in cyber-attack prevention tools, like anti-virus software and enhanced training.

However, people often neglect the fact that cyber-attacks cannot be blocked 100% of the time, and occasionally attacks will slip through the gaps. In these cases, there must be a reliable and tested Cyber Security Incident Response Plan that can be followed.

The Cyber Breaches Survey 2022 reported that:

“boards tend to trust and defer the finer details of a cyber security approach to their IT teams (in the case of larger organisations) or third parties and external providers (in the case of smaller organisations). This is because there was a low level of knowledge of the technical details of cyber risks and how to manage them at senior management and board level.”

This shows the importance of understanding your IT and Cyber position to avoid issues caused by lack of technical knowledge.

What's an Incident response plan and why do I need one?

Similar to fire escape plans, companies must also develop incident response plans. The ECRC has a free incident response plan template for businesses to use which explains why they need it but also the key considerations they should be thinking about.

Unfortunately, the first time that an organisation discovers they need an Incident Response Plan often coincides with the realisation that they don’t actually have one. The plan itself is simply a document containing the details of key personnel who you can contact if you are worried that you have been victim of a cyber-attack. It also contains key information to help you move through the various stages of containment and then recovery.

Having a good response plan means that you are more likely to come through the experience more quickly and efficiently and with less of your systems exposed to the hack. And the responsibility for establishing and maintaining a plan is down to the business owner and not the managed service provider you use for your IT.

So, what should my charity do now?

Here at the centre, we would advise you to do three things now:

1. Download your free incident response plan template today and provide a process that will help your charity to respond effectively in the event of a cyber-attack.
2. Join our free core membership by clicking here. You will be supported through implementing the changes you need to make to protect your business and your customers.
3. We would recommend that you look at improving you overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government backed kite mark standard for cyber security. As a free member we will take you as far as the CE accreditation process. And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks. And if you want to pay for the assessment, we can refer you one of our Trusted Partners – all regionally based cyber security companies that can help you become accredited.
4. We would also recommend that you speak to your Managed Service Provider and / or website company to discuss how they can implement cyber resilience measures on your behalf.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Report a phishing attack

If you suspect a phishing attack, please report it to the Suspicious Email Reporting Services (SERS) set up by the NCSC at: report@phising.gov.uk

Text messages can be forwarded to 7726