The latest cyber security threats to charities
Charities account for a significant portion of the economy, and their contribution continues to grow. According to estimates in the Charities Aid Foundation Report 2020, over £5 billion was donated to charities in the UK in 2020. Many people are doing their part to help those in need, which is a positive development. Because vast sums of money are transacted in this sector, along with sensitive personal data, it is a highly lucrative target for cyberattacks. However, only half (58%) of charities believe that cybercrime poses a threat, according to a recent survey by the Charity Commission.
Considering that a third of charities suffered cyberattacks during the Coronavirus pandemic, this is an unusual response by nearly half of the charity industry. As these organisations’ critical services cannot be interrupted, decision-makers must take a proactive approach to cybersecurity. It is impossible to ignore the potential impact of a data breach – damage to reputation, financial losses, and loss of productivity in serving those in need.
Here are some of the common cyber threats to consider as a Not-for-Profit organisation:
Charity organisations ought to understand the common forms of cyber threats, beginning with phishing attacks. The aim of hackers is to trick unsuspecting users into interacting with a fake website or downloading malware that can steal sensitive information or money. Phishing campaigns are most frequently conducted by email, but SMS phishing campaigns have gained popularity in recent years. The campaigns use branding largely similar to that of the company they are imitating, making them difficult to identify. The number of phishing attacks is consistent throughout the year, but hackers are opportunistic and will take advantage of high-profile events or disasters to increase their attacks.
All organisations, not just charities, need to protect themselves from insider threats. To gain access to an unprotected computer system, an unskilled hacker needs only to exploit a vulnerability. An insider attack is different: rather than a hacker compromising systems or data, an employee gives the hacker access to the organisation’s systems and information by accidentally giving out their passwords. As research results suggest that insider data breaches are set to increase by nearly 10% this year, charities need to be vigilant about who has access to which systems. The use of multi-factor authentication when logging in will help prevent weak password attacks. It is important to give employees access only to the areas of the system that they need, thus preventing a full system hack.
Issues in the cloud
When the pandemic forced workers out of the office, charities were impacted like everyone else. In response, many organisations have implemented cloud computing and other digital transformation technologies. Most people were able to continue working from home because the cloud powered applications and stored data online. Cybercriminals became aware of this and began exploiting vulnerabilities and weaknesses within the cloud. Indeed, there has been a 630% rise in cloud-based attacks since 2020.
Getting on the security track
To keep your charity safe from common cybersecurity threats, make cybersecurity a priority by getting everyone involved, and document all your processes. Your charity’s data can be better protected with greater awareness. To protect your data from attacks, keep an accurate inventory of your data and go beyond the compliance checklist to address information security.
In addition, have foundational security measures in place. As a first step to ensuring the safety and stability of databases and sites, updating operating systems is crucial; hardening systems with VPNs, antivirus, and firewalls is also important. In this way, systems are protected against attacks. Security assessments identify vulnerable points so that appropriate action can be taken. Equip your email system with a tool or service that can protect staff from being phished. Keep software up to date, as software updates help increase security. Additionally, anti-malware tools should be used across the organisation to proactively scan for threats and prevent their installation.
Finally, determine whether your organisation has backup procedures in place. You can use a secondary device such as an external drive or the cloud to back up data stored on an internal hard drive. The following are some key aspects of the backup process that charities need to consider:
- Attackers will try to locate backups and delete or encrypt them.
- It is necessary to keep backups offline so that they don’t get compromised.
- A good backup strategy would be to run full daily backups of critical systems.
If understanding cybersecurity is challenging, you may want to consider consulting with an expert to figure out your security gaps. As the Charity Commission recently revealed, cybercriminals have stolen over £3.5m from charities over the past 12 months, so the charity sector can no longer downplay cybersecurity. Charity organisations must take a proactive approach to cybersecurity by allocating the necessary resources to protect systems as cyberattacks become more prevalent. Don’t hesitate to contact us if you want to speak to one of our m-hance experts about how to be better protected.