There’s nothing like a crisis to bring the bad guys out to play online and now that a lot of staff are working remotely, it’s more important than ever to be extra vigilant, making sure we are secure from cyber security threats, especially those directly targeting charities.
The concept of ‘working from home’ – perhaps for a day or two a week – has been around for a long time, but the current situation is a wholly different ball game. There is now a vast number of people working from home, meaning working life has had to rapidly change.
If your charity was well prepared prior to Covid-19, you may have a well-equipped home office, or you may be logging onto the family laptop and home broadband. Either way, by now, you’re probably settled into a digital routine, so it’s a good time to remember the cybersecurity basics to ensure your charity doesn’t lose out.
Beware of phony donations
With a downturn in charity income comes an increase in fundraising campaigns, so it’s worth making sure that any emails you receive asking for donations from other charities are legitimate and not phishing emails designed to harvest your credit card details and personal data. Treat such emails with suspicion and examine the sender’s address and the content very carefully. Fraudsters are quick to latch onto people’s generosity and are launching their own ‘fundraising’ campaigns to see if they can tempt you, or your organisation, to part with cash. Part of that effort may be spoof websites, complete with a donation feature, designed to look like a charity – maybe even your charity.
Don’t get held to ransom
Some emails contain more than a link to a scammer’s website; some emails carry an attachment which, when opened, will trigger software to scramble all your data. This ransomware is designed to encrypt all the files on your computer, and even on your servers, and the first thing you’re likely to notice is a prominent message on your screen demanding payment to rescue your data. Ransomware is a nightmare to deal with. The best defence is to not succumb to clickbait by double clicking on every email attachment that drops in your inbox. If you’re unfortunate enough to fall victim to ransomware, call your IT team as soon as possible.
Keep confidential information confidential
Most of you are dealing with sensitive information about beneficiaries and your information systems and office environment will have been designed with this in mind. For example, you may have had a clear desk policy in the office and there’s no reason that shouldn’t apply at home. We wouldn’t pass on personal details to others in the house, so as well as locking away sensitive information at the end of the day, make sure that the laptop screen isn’t visible to anyone else whilst you’re working. Whilst we may be using devices to work on data electronically, many of us like to work on paper. If you print company data for convenience, be sure you don’t leave documents lying around, and shred all copies when no longer needed.
Leave the data in the system
Your charity is charged with keeping its data safe. The GDPR enforces that obligation and just because you’re not in the office, it doesn’t mean that doesn’t apply. It simply means that we all have to become data protection officers, so it’s worth thinking twice about downloading data to work on later. Your data is probably safe and happy sitting on the servers and systems that make up your charity’s IT infrastructure and whilst it stays there, it will be well protected from cybersecurity threats. When it leaves that environment, it’s likely to be more exposed to threats and loss, especially if it ends up on the family laptop. That could be embarrassing and costly for your charity.
Stay in touch
If something doesn’t seem right, it’s easier when you’re in the office to ask a colleague to take a look and give a second opinion. Working alone makes it more difficult, but not impossible, to do the same. There’s an old adage that says ‘if something doesn’t look right, then it probably isn’t’ – that’s advice that can work well when it comes to security issues and it’s usually prudent to ask the question and perhaps allay any doubts. Doing that remotely means taking a bit more time and using the tools at your disposal to share any potential problem. Maintaining a group chat is a quick way to post a question to your colleagues and if your information security officer is in the group, they’ll be able to respond quickly and expertly.
Check the settings
There’s always been a great temptation for charities to use ‘free’ information services. We’ve given our opinion on the ‘price of free’ many times and as long as the information security officer has given it the once over, there are many platforms that can deliver great systems. With the workforce dispersed and working remotely, video conferencing platforms have become the de facto communication channel for many organisations, and along with email and file sharing platforms, are often the staple of many charities’ IT systems. Not surprisingly, there’s been a bit of buzz lately in the cybersecurity news about how easy it is to gatecrash video conferences on one particular well-used system, so our advice, as ever, is that it pays to check the security settings before launching that confidential conference call.
For more information, visit: charitiessecurityforum.org