Contact Support

If you are an existing client to get support call us on:

+44 (0)1483 412 042


Login to the portal

Support portal

If you've been given a 6-digit support code

click here

Not an existing customer?

Contact us

Cybersecurity for Charities: Managing Risks

Cybercriminals are opportunists, and charities often lack the resources to remain protected against the latest threats and risks online. Like all businesses, charities are increasingly reliant on IT to perform everyday tasks. But charities without a dedicated IT policy and less protection can be left vulnerable to malicious attacks.

In 2020, 26% of charities identified a cybersecurity breach. This has increased since 2018, where only 19% of charities reported a breach. The magnitude of an attack can range from data theft to financial information being stolen, amongst other risks.

So, what steps can charities take to ensure the safety of their data, including funds, donations, and employee information?

Main cybersecurity concerns for charities in 2021

Observed in the UK government’s Cyber Security Breaches Survey 2021, some major cybersecurity concerns for charities were identified.

1)   Personal devices are used more frequently

BYOD (or Bring Your Own Device) involves using personal devices for work purposes, including laptops or phones. In charities that have casual working environments, this kind of policy is more relaxed. In fact, the report noticed BYOD has “historically been more prevalent in charities than in businesses”. This is even more common in charities where there is limited office space, resources, and budget.

In the 2021 Cyber Security survey, 67% of charities said staff regularly use their own device, and this is a growing trend in smaller charities.

2)   Supplier risk awareness

Only a quarter of high-income (annual income of £500,000 or greater) charities had looked at the risks from immediate suppliers, and one in nine have looked at their wider supply chain. Charities overall show a lower risk awareness from suppliers, including immediate and wider supply chains. These kinds of risks vary from third-party access over IT systems to phishing attacks or viruses that originate from a supplier.

As charities tend to work with governing authorities such as local councils, they may assume they are safe. But supplier risks still pose a great threat to the security of a charity.

3)   Backing up of data

Whereas 89% of businesses have some form of backup plan in place, only 68% of charities had a similar policy, despite over a third of charities holding payment data or similar. This demonstrates how charities are often lacking the technical cyber security controls that other businesses use as part of their protection.

Basic technical controls like password protection are common in charities and businesses alike. Yet, charities lack the depth of controls, covering vulnerable areas like data storage and user activity.

Charity donate cybersecurity

Managing cyber risks

Charities have a great responsibility when it comes to cyber security. Not only do they process large amounts of data, they also regularly receive monetary donations and, depending on their clients, may process large amounts of ‘special category data’. According to the ICO (Information Commissioner’s Office), this describes any confidential data that needs extra protection, such as data concerning health.

Special category data and financial data is highly valuable, and therefore more likely to be targeted. Whilst a large variety of data may be processed by a smaller charity, they are less likely to identify or know when to report a breach.

However, 51% of high-income charities have reported a breach, which matches the pattern of larger businesses.

In the 2021 Cyber Security report, it was shown how charities have been targeted more frequently by ransomware attacks, viruses, spyware, and malware when compared with other businesses. This is because of the type of data they collect and store.

For example, the highly reported Blackbaud attack of 2020 affected thousands of supporters of charities and historic institutions across the UK. Among its victims were Crisis, a homeless charity, as well as other high-profile charities like Sue Ryder, Young Minds Myeloma UK, and more.

Steps charities can take to support cyber security

Regardless of size, charities have a responsibility with any data collected, stored, or transferred. This involves good cyber security practice, including risk assessments and regular patching.

BYOD security

Using personal devices involves risk, as the vulnerability to malware is managed by the user of the device. However, steps can be taken to secure the device, such as:

  1. Configuring ‘Find My Device’ or similar. This can be used to secure the device and erase it from your administrator panel. It can also help you find a lost or stolen device.
  2. Add Biometrics onto your device. Fingerprint is the most secure here, as Face ID can be bypassed.
  3. Ensure your device still has regular security patches released. If your device is old, then you will need to replace it to ensure security levels are maintained.
  4. Use a password management system to keep your passwords stored securely rather than on a notes page or similar.

Using Backups

While nothing sophisticated needs be used, cloud backups are not only useful in the case of a broken device, they also help to protect your data. If you’re not currently using a cloud system, it’s a virtual way of storing data rather than relying on physical storage, such as a USB stick. You send data to the cloud, which it holds, and when you want to access the data, you simply login and download it.

The increase in ransomware is blistering and backup is an essential risk mitigator. Having a good strategy for your backup, including holding physical offline copies, known as air gapping, is essential to keep your company running in case of ransom attacks.

Secure passwords to save data

Password creation and storage requires management and skill. Remembering multiple passwords can be a challenge, and therefore charities often use weaker passwords to make it easier to remember. Use a paid for password manager to help with this. Here at ramsac we use Password Boss to save passwords, both at an individual and a company level.

Outsourcing your cyber security

ramsac is an expert in cyber security and offers outsourced security and protection for charities, non-profits, and more. We know that charities often have complex requirements, and our specialist team is on hand to provide reliable support regardless of what you need.

Get In Touch

Receive our FREE bespoke IT health assessment

Registration No. 26980136
Terms and Conditions | Privacy Notice
11:29 22 May 20
Changing IT support providers, like changing lawyers, is not a decision any business takes lightly or frequently. The decision is fraught with numerous questions such as whether the new team will understand my business needs, will it cause teething problems, and more importantly, will the reality match the sales pitch! We took that decision to move to Ramsac in January after ten years with another provider and we have not regretted that choice for a moment. Ramsac are simply great! From the get go we have been very well supported from the front line very helpful telephone support team right up to our relationship manager. We feel that the Ramsac team are very much an integral part of us . What however has driven us to write this review is the fabulous support we have received following a cyber attack this week. Something no business wants to happen but is increasingly a sad factor of modern cyber life. The Ramsac cyber support team were superb and really gave us first class support and guidance through what was frankly a horrible experience. Thank you Dan! Denise Herrington
The HR Services Partnership
The HR Services Partnership
17:59 16 Jan 20
We have worked with Ramsac since 2015. They offer a truly winning formula. We have been delighted by their support at all three levels: our network consultant (Colin) understands our set up and is great when we need to upgrade our infrastructure; we have ready access to our account manager who has been great with supporting our growth; and the helpdesk is always so patient for the day-to-day glitches. Very professional and supportive – thank you team ramsac!
Zoe Brooks
Zoe Brooks
13:02 16 Jan 20
Sam on the support desk is extremely knowledgeable and helpful. Every time I have rung with an issue and she has helped the problem has always been rectified smoothly and quickly!
Sarah-Jane Calloway
Sarah-Jane Calloway
16:02 06 Jan 20
Ed spent two days with us following an office reshuffle. He worked to a very high standard and was very helpful, courteous and happy to sort out anything we asked of him!
Luke Hoey
Luke Hoey
14:20 07 Nov 19
Always very helpful and will work hard to resolve any issues you have.
Richard Renson
Richard Renson
16:54 10 Dec 18
Great, helpful IT Kings and Queens
Andrew Worth
Andrew Worth
12:37 30 Aug 18
fine bunch
Colin Warner
Colin Warner
08:46 06 Dec 17
Excellent managed service provider.
Selom B
Selom B
11:58 10 Dec 16
First Class!! Responsive, knowledgeable, professional and very easy to work with - Ramsac have been a fantastic strategic IT partner for the last few years and I'm sure will continue to be for many years going forward. I would highly recommend them!
Ian Windle - Inspiring Leadership
Ian Windle - Inspiring Leadership
08:53 04 Jul 16
Great IT business, with a powerful management team. Could not recommend them more highly.
Patrick O'Luanaigh
Patrick O'Luanaigh
10:55 01 Jul 16
A truly fantastic IT support company - I can't speak highly enough about them.
Sarah Whitemore
Sarah Whitemore
11:59 20 Jun 16
I have known Dan May and Ramsac for 5 or 6 years now. Dan is such a great guy and really helpful with strategic advice and input on all things IT. He's so approachable and doesn't baffle you with IT jargon. If you are looking to outsource your IT or you have a problem you need help with Dan is definitely the one to ask.
Jonathan Richards
Jonathan Richards
12:14 31 May 16
I've worked with Ramsac for many years and whole heartedly recommend their services. They are always professional, approachable and have the rare skill of making IT understandable. Their can do attitude leaves you feeling that you are in safe hands.
See All Reviews
© 2021 ramsac. All rights reserved.