The Head of the National Cyber Security Centre, Lindy Cameron, sums up the current cyberthreats to charities in the 2023 NCSC Cyber Threat Report on the charity sector:
More charities are now offering online services and fundraising online, meaning reliable, trusted digital services are more important than ever. During the Ukraine crisis, we saw more criminals taking advantage of the generosity of the public, masquerading as charities for their own financial gain. Cyber-attacks affecting services, funds or compromising sensitive data can be devastating financially and reputationally, potentially putting vulnerable people at risk. The NCSC continues to support this vital sector and encourages all readers of this report to implement the guidance within it.
Here at the Eastern Cyber Resilience Centre, we couldn’t agree more. But where do you start?
You could begin your cyber resilience journey by reviewing your organisations approach to passwords since they are a key component in protecting your charity’s integrity and data.
The below graphic represents the time it would take for a cybercriminal to hack (brute force) a password using current technological capabilities.
Passwords should ideally be in the green section of this table, but if one of your current passwords is in another colour - do not worry. We would just advise that change it to something more secure and unique. With the rapid advancements in processing power, areas in the orange section may look secure right now, but it the next couple of years, they may become much weaker.
The NCSC recommend use three random words followed by punctuation to create a secure and unique password. To find out more about passwords guidance, click here.
Two Factor Authentication (2FA) and Multi Factor Authentication (MFA) are incredibly useful in protecting your systems, accounts, and devices.
2FA and MFA are essentially two or more methods that can verify your identity. A cybercriminal may be able to crack your username or password, but they do not have your fingerprint, Face ID, or your mobile phone to authorise a log in attempt on a mobile authenticator app.
2FA follows the idea of using a combination of two of ‘Something you know’, ‘Something you have’, and ‘Something you are’. So, you might have a password that you have remembered, a physical identification token like a badge, and a fingerprint scanner. Often times the ‘something you have’ will take the form of a different device, like a mobile phone, in order to verify your identity when connecting to services online.
By enabling MFA across your systems, accounts, and devices you are providing an additional layer of defence to protect you from a cyberattack.
The Eastern Cyber Resilience Centre is a police company that was established to help charities and small businesses to become more resilient to the threats posed by criminals in the online world. We offer free membership to any organisation or person who wishes to join – so sign up now and take advantage of everything we have to offer. After that…
You can contact the Cyber Resilience Centre for guidance and support through our e-mail or use our online booking system to make an appointment with one of our team.
Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
Click to Open Code Editor