Charities, like any other business or organisation, are at risk from cybercrime.
Having a recognisable online presence is now customary for most charities. A website is an effective way to raise awareness of a charity’s work and fundraising campaigns. However, an established online identity also carries risk, as fraudsters have been known to assume the image and reputation of a charity to create unlawful fundraising sites.
The Fraud Advisory Panel and the Charity Commission have collaborated to create the Preventing Charity Fraud website to help charities take steps to understand the risks their organisation faces from cybercrime.
Assessing security controls
Resources available within the Preventing Charity Fraud site include a Fraud Risk Assessment template, which helps charities to identify the threats they may encounter and to actively consider the controls they have in place to mitigate them. It is important for any organisation, no matter its size, to think about the possible limitations of its security measures and how fraudsters may exploit weaknesses or find ways to circumvent its controls.
Educating to safeguard your assets
The National Cyber Security Centre (NCSC) offers training for small organisations and charities – their package is free to use and covers five key areas.
- Backing up your organisation’s data correctly.
- Protecting your organisation against malware.
- Keeping the devices used by your employees secure.
- The importance of creating strong passwords.
- Defending your organisation against phishing.
Educating employees on the risks of cybercrime is one of the most important steps in protecting your organisation. The NCSC cyber security training is available online from the NCSC.
Charities sometimes simply lack the resources to have rigorous cyber security policies in place. Therefore, educating employees on the common threats can be a very effective frontline defence. The NCSC also offers a 30-minute Staying Safe Online: Top Tips for Staff course, which reiterates the basic steps that can be taken to keep your organisation secure.