This week is Charity Fraud Awareness Week and it’s been specifically set up to provide charities with valuable advice on how they can protect themselves from the threat of fraud and cybercrime.
Charities are increasingly under attack and are proving to be a very attractive target for cybercriminals. They have access to sensitive data, receive huge amounts in donations and will typically have a lower level of cybersecurity than larger organisations.
This makes them hugely vulnerable to attack, and hackers will be ready to take advantage of any lapses in security to get their hands on this sensitive information.
The resulting consequences can be devastating, and just one data breach could damage a charity’s reputation and discourage people from donating more money. It could also have more serious ramifications if sensitive data such as the location of a domestic abuse victim was disclosed, or confidential patient data was leaked.
Cybercriminals don’t care about the good causes that the charities support; they see an easy target that they can profit from and will try all avenues to gain a foothold within the organisation.
This was evidenced recently when Cancer Research UK was targeted by a sophisticated group of Russian hackers. The hackers attempted to steal the card details of people who had bought items through the charity's online gift shop.
To gain access to the financial data, the hackers planted malicious code into the website which would intercept and steal the credit card details of customers. Thankfully, the online store’s services were immediately disabled to ensure the exposure was limited, and a subsequent investigation confirmed that no supporters were impacted by the attack.
Other charities haven’t been so lucky. According to the latest Annual Fraud Indicator, charities and trusts lost £2.3bn to fraud in the year ending November 2017.
There are almost 200,000 charities registered in the UK, and research conducted by Ecclesiastical UK found that 17% of charities had experienced a cyber-attack in 2017. The most common attack methods were: Ransomware attack – 41%, Phishing – 35%, Malware – 24%, other (website/phone) – 18%, Denial of Service attack – 6% and Password attack – 6%.
To deal with the ongoing threat of cyber-attacks, charities need to become proactive in their approach to cybersecurity.
To protect their data, assets and reputation, charities need to identify the key areas that could be exploited by cybercriminals and implement a layered approach to effectively defend their organisation from attack.
Preventative measures include:
It’s easy to assume that the majority of all cyber-attacks are a result of hackers breaching security systems, but more often than not, they are a direct result of an employee clicking on a malicious link. Educating staff on the dangers of cybercrime is one of the most important preventative measures that a charity can take.
Charities operate on tight budgets but it’s vital they invest in the latest Anti-Virus software to detect any threats and block unauthorised users from gaining access. Software should be updated on a regular basis to prevent hackers gaining access to the system through vulnerabilities in older and outdated programmes.
Creating a unique password is one of the easiest ways to prevent being hacked online. A strong password should be between 8 and 15 characters long, use a mix of uppercase and lowercase letters, and include numbers or symbols. For further defence, users can create a passphrase. The first letter of each word will form the basis of the password and letters can be substituted with numbers. A passphrase is typically longer than a password and a lot harder to crack.
Charities have access to valuable data and it’s vital to make regular back-ups of important files using an external hard drive or online storage provider. This will ensure that in the event of a cyber-attack, charities can retain their critical data.
In order to secure critical data, charities should have a tiered structure in place that differentiates between sensitive and non-sensitive data. This will restrict access to sensitive data and ensure that only employees with the highest level of clearance can access this valuable information.
As the use of portable media devices has increased, so have the associated risks. A seemingly harmless portable media device has the potential to trigger a massive cyber-attack, even when the targeted computer system is isolated and protected from the outside. Human error remains the number one cause of a cyber-attack, so it’s vital that staff follow the correct procedures when handling removable media devices outside of the office.
The increasing sophistication and growth of cyber-crime has meant that companies need to have the strongest systems in place to combat this constantly evolving threat.