Cybersecurity for charities: managing risks

ramsac charity cybersecurity

Cybercriminals are opportunists, and charities often lack the resources to remain protected against the latest threats and risks online. Like all businesses, charities are increasingly reliant on IT to perform everyday tasks. But charities without a dedicated IT policy and less protection can be left vulnerable to malicious attacks.

In 2020, 26% of charities identified a cybersecurity breach. This has increased since 2018, where only 19% of charities reported a breach. The magnitude of an attack can range from data theft to financial information being stolen, amongst other risks.

So, what steps can charities take to ensure the safety of their data, including funds, donations, and employee information?

Main cybersecurity concerns for charities in 2021

Observed in the UK government’s Cyber Security Breaches Survey 2021, some major cybersecurity concerns for charities were identified.

1) Personal devices are used more frequently

BYOD (or Bring Your Own Device) involves using personal devices for work purposes, including laptops or phones. In charities that have casual working environments, this kind of policy is more relaxed. In fact, the report noticed BYOD has “historically been more prevalent in charities than in businesses”. This is even more common in charities where there is limited office space, resources, and budget.

In the 2021 Cyber Security survey, 67% of charities said staff regularly use their own device, and this is a growing trend in smaller charities.

2) Supplier risk awareness

Only a quarter of high-income (annual income of £500,000 or greater) charities had looked at the risks from immediate suppliers, and one in nine have looked at their wider supply chain. Charities overall show a lower risk awareness from suppliers, including immediate and wider supply chains. These kinds of risks vary from third-party access over IT systems to phishing attacks or viruses that originate from a supplier.

As charities tend to work with governing authorities such as local councils, they may assume they are safe. But supplier risks still pose a great threat to the security of a charity.

3) Backing up of data

Whereas 89% of businesses have some form of backup plan in place, only 68% of charities had a similar policy, despite over a third of charities holding payment data or similar. This demonstrates how charities are often lacking the technical cyber security controls that other businesses use as part of their protection.

Basic technical controls like password protection are common in charities and businesses alike. Yet, charities lack the depth of controls, covering vulnerable areas like data storage and user activity.

Charity donate cybersecurity

Managing cyber risks

Charities have a great responsibility when it comes to cyber security. Not only do they process large amounts of data, they also regularly receive monetary donations and, depending on their clients, may process large amounts of ‘special category data’. According to the ICO (Information Commissioner’s Office), this describes any confidential data that needs extra protection, such as data concerning health.

Special category data and financial data is highly valuable, and therefore more likely to be targeted. Whilst a large variety of data may be processed by a smaller charity, they are less likely to identify or know when to report a breach.

However, 51% of high-income charities have reported a breach, which matches the pattern of larger businesses.

In the 2021 Cyber Security report, it was shown how charities have been targeted more frequently by ransomware attacks, viruses, spyware, and malware when compared with other businesses. This is because of the type of data they collect and store.

For example, the highly reported Blackbaud attack of 2020 affected thousands of supporters of charities and historic institutions across the UK. Among its victims were Crisis, a homeless charity, as well as other high-profile charities like Sue Ryder, Young Minds Myeloma UK, and more.

Steps charities can take to support cyber security

Regardless of size, charities have a responsibility with any data collected, stored, or transferred. This involves good cyber security practice, including risk assessments and regular patching.

BYOD security

Using personal devices involves risk, as the vulnerability to malware is managed by the user of the device. However, steps can be taken to secure the device, such as:

  1. Configuring ‘Find My Device’ or similar. This can be used to secure the device and erase it from your administrator panel. It can also help you find a lost or stolen device.
  2. Add Biometrics onto your device. Fingerprint is the most secure here, as Face ID can be bypassed.
  3. Ensure your device still has regular security patches released. If your device is old, then you will need to replace it to ensure security levels are maintained.
  4. Use a password management system to keep your passwords stored securely rather than on a notes page or similar.

Using Backups

While nothing sophisticated needs be used, cloud backups are not only useful in the case of a broken device, they also help to protect your data. If you’re not currently using a cloud system, it’s a virtual way of storing data rather than relying on physical storage, such as a USB stick. You send data to the cloud, which it holds, and when you want to access the data, you simply login and download it.

The increase in ransomware is blistering and backup is an essential risk mitigator. Having a good strategy for your backup, including holding physical offline copies, known as air gapping, is essential to keep your company running in case of ransom attacks.

Secure passwords to save data

Password creation and storage requires management and skill. Remembering multiple passwords can be a challenge, and therefore charities often use weaker passwords to make it easier to remember. Use a paid for password manager to help with this. Here at ramsac we use Password Boss to save passwords, both at an individual and a company level.

Outsourcing your cyber security

ramsac is an expert in cyber security and offers outsourced security and protection for charities, non-profits, and more. We know that charities often have complex requirements, and our specialist team is on hand to provide reliable support regardless of what you need.

Related Posts

  • What is cyber insurance and do you really need it? 

    What is cyber insurance and do you really need it? 

    Cybersecurity

    Cyber insurance can mitigate a business against damages and financial loss caused by a cyberattack. But what does cyber insurance cover? Find out here. [...]

    Read article

  • The importance of supply chain cybersecurity and risk management 

    The importance of supply chain cybersecurity and risk management 

    Cybersecurity

    Supply chains are areas of increasing cybersecurity risk. What is the exact problem, and how can you address it? Discover this and more in our latest blog. [...]

    Read article

  • Over $200 Million Lost to Cyberattacks in 2022 Alone, Study Shows

    Over $200 Million Lost to Cyberattacks in 2022 Alone, Study Shows

    Cybersecurity

    ramsac can now reveal which 25 of the world’s largest public companies listed in Forbes Global 2000 could suffer the biggest financial loss due to cyberattacks, based on 12 [...]

    Read article

  • Measuring cyber resilience & your human firewall

    Measuring cyber resilience & your human firewall

    Cybersecurity

    Safeguarding your organisation against cyber threats has become increasingly vital, and assessing where you are currently in your cyber resilience journey is a fundamental step in understanding how best [...]

    Read article

  • Celebrating Cybersecurity Awareness Month

    Celebrating Cybersecurity Awareness Month

    Cybersecurity

    October is Cybersecurity awareness month, follow us on LinkedIn or Twitter for daily tips on how you can protect your organisation against Cybercrime. [...]

    Read article

  • How cybercrime costs the UK economy nearly £27B every year

    How cybercrime costs the UK economy nearly £27B every year

    Cybersecurity

    Cybercrime costs claims nearly £27 billion of the UK economy almost every year. Cybercrime has only become more common, affecting many industries. Read more. [...]

    Read article