How to Protect Your Charity From Cyber-attacks
Cyber-crime is a threat that must be understood and properly prepared for. Charities and not-for-profit organisations may have good intentions within their missions, but that does not mean that cyber-criminals will spare them.
According to the 2021 Cyber Security Breaches Survey—commissioned by the Department for Digital, Culture, Media & Sport as part of the National Cyber Security Programme—approximately 26 per cent of charities experienced a data breach or cyber-attack in the previous 12 months. The survey also found that 68 per cent of charities consider cyber-security to be a high priority, which represented a decrease from the 74 per cent who said so in the 2020 edition of the report.
The consequences of a cyber-attack can be severe. These incidents can lead to financial loss, stolen data, business interruption, costly non-compliance fines under the General Data Protection Regulation (GDPR) and reputational damage. With these ramifications in mind, it’s important for charities to understand how to protect themselves.
Establishing strong cyber-security practices and policies is not a simple process. These precautions must be understood, implemented and committed to by every member of an organisation to be effective. Even a single employee or volunteer making a mistake can compromise critical information or an entire system. When establishing defences against a potential cyber-attack, consider the following steps:
- Prioritise training—IT professionals or senior leaders having an ample understanding of cyber-threats is not enough. All employees and volunteers should be trained on how to protect themselves and recognise cyber-threats.
- Use security software—An organisation’s devices should all be equipped with various security software that include anti-virus and anti-malware capabilities. This type of software may also be able to block users from being able to access malicious websites.
- Secure wi-fi use—Wireless internet networks can be convenient, but they may also be vulnerable to being accessed by intruders. Ensure that any organisational wi-fi networks are secured using encryption and that strong passwords are used. In addition, advise employees not to use unsecured or public wi-fi networks while working remotely or using an organisation’s devices.
- Activate firewalls—Almost all computers, such as Windows and MacOS, include a firewall designed to stop cyber-criminals. These cyber-security features are usually turned on by default, but it’s possible they could be deactivated by accident or due to malware. Check regularly that a device’s firewall is still turned on.
- Use two-factor authentication—Adding an extra level of security to all users across various online services may help fend off cyber-attacks. Two-factor authentication requires users to provide a second piece of information, such as a code sent in a text message, in addition to their regular password.
- Update software—Cyber-criminals are constantly looking for ways to breach an organisation’s cyber-security. Fortunately, as hackers attempt to find weaknesses in software, updates can help to fortify any issues. As such, it’s necessary for users to stay up to date on current versions to ensure maximum safety.
When composing educational materials or implementing training, it can be helpful for employees to understand the most common cyber-threats they may encounter.
According to the 2021 Cyber Security Breaches Survey, charities that reported having experienced at least one cyber-attack or data breach were most commonly affected by the following incidents:
- Phishing attacks—79 per cent
- Cyber-criminals impersonating members of an organisation online or by using email—23 per cent
- Viruses, spyware or malware (excluding ransomware)—16 per cent
- Denial of service attacks—8 per cent
- Takeovers of an organisation’s or users’ accounts—8 per cent
- Ransomware—6 per cent
Among charities that reported a cyber-attack or data breach in the aforementioned 2021 survey, 44 per cent said that they experienced at least one incident on a monthly basis. The average cost of a cyber-incident among charities was approximately £2,110. Such losses can make a big difference in regard to an organisation not only making progress in its mission but also being able to retain employees or even remain financially viable.
For more information on cyber-security guidance, contact us today. You can protect your business financially against cyber threats by purchasing cyber insurance.