Charities are increasingly being targeted by cyber criminals, looking to exploit a sector that too often can be seen as an easy target.
In March 2021 it emerged that more than a quarter of charities had fallen victim to cyber-attack over the last year.
This survey from the Department for Digital, Culture, Media and Sport also found that larger charities, which conduct more business online, are more likely to fall victim to cyber-criminals.
Among the most high-profile charity victims in 2021 has been The Salvation Army.
In July the charity alerted the Information Commissioner’s Office and the Charity Commission as it investigates a cyber security breach.
Other charities to be impacted have included The National Trust and Crisis, who in 2020 were among charities impacted by a ransomware attack on cloud computing provider Blackbaud. Hackers stole data in return for a ransom, which the US-based provider paid.
The increase in home working and online operations amid the Covid-19 pandemic and as UK society recovers has also seen an increase in cybercrime.
According to a survey by Specops Software in 2020, around two thirds (62%) of charities saw an increase in cybercrime during lockdowns.
Cyber expert Sam Curry, chief security officer at Cybereason, says that “non-profit organisations should be off limits to these types of attacks”, but criminals are “soulless, profiteers and no industry or company is safe.”
Another security expert, Trevor Morgan, product manager at comforte AG, says: "No cyberattack is acceptable or warranted. Yet, most of us recoil strongly when charitable people and organisations like the Salvation Army become the targets of criminals.
“Every organisation—even a non-profit—has valuable data about its employee base as well as external customers and other contacts. This data must be guarded.”
As well as ransomware, where criminals block or steal data and IT systems in exchange for money, there are a number of increasingly sophisticated techniques criminals are using.
This includes cryptojacking, where criminals gain unauthorised use of devices to mine for crypto-currency. Another is phishing, where criminals send false emails to gain information, passwords and access to bank accounts.
Here we look at some of the key organisations, resources and products available to help charities protect themselves online.
The Information Commissioner’s Office (ICO)
The ICO is the regulator for information rights and data privacy and the first organisation charities should contact if they fall prey to cyber criminals.
It advises on issues such as informing people and organisations whose data is involved. An online self-assessment tool is also available to determine whether the breach needs to be reported.
National Cyber Security Centre
The government’s National Cyber Security Centre (NCSC) was launched in 2016 as a single point of contact for organisations, charities and government departments to tackle and prevent cybercrime.
Among resources and support it offers is a small charity guide.
This has been produced to help charities protect themselves from the most common cyber attacks. This includes backing up data, keeping devices safe and preventing malware (malicious software) attacks. Advice on using passwords to protect data, as well as on avoiding phishing attacks, is also in this guide.
The NCSC also runs Cyber Essentials, a government backed scheme to help organisations protect themselves from cyber attacks.
In addition, the NCSC produces a cyber security toolkit for boards and advice on how to report fraud.
The Charity Commission
The regulator for charities in England and Wales offers a raft of resources and advice to help the voluntary sector protect itself from cyber threats.
Resources include the Charity Fraud Awareness Hub, which is run by the regulator alongside the Fraud Advisory Panel and UK Finance. It has helpsheets, case studies and runs webinars. A recent webinar promoted through the hub took place in May and offered charities advice on preventing fraud amid the Covid-19 pandemic.
The case studies available through the hub are particularly interesting for charities to ensure they can protect themselves from cyber criminals.
Other resources include advice on how to report fraud.
The Charities Security Forum
Formed in 2007, the Charities Security Forum group represents information security experts working for charities and looks to address security issues affecting the sector.
It offers a raft of resources and support to the sector and basic membership is free, with no joining fees or membership dues.
Members are encouraged to discuss and share their expertise on cyber security issues. This includes a discussion group on LinkedIn. It also publishes sector specific whitepapers and organises social events.
Action Fraud
The UK’s national reporting centre for fraud and cybercrime offers access to a number of resources to help protect charities from cyber threats. The organisation is run by the City of London Police, working with the National Fraud Intelligence Bureau.
It also offers an online reporting service when an incident occurs.
Fraud Advisory Panel
Charity the Fraud Advisory Panel looks to champion good practice on fraud prevention, detection, investigation and prosecution to ensure people and organisations are protected.
It is one of a number of charity stakeholders globally involved in staging the annual Charity Fraud Awareness Week, which takes place on 19-23 October in 2020. This aims to raise awareness among charities and the public of the threats they face from criminals online. More information can be found on social media using #CharityFraudOut.
As well as being a partner in running the Charity Fraud Awareness Hub, the Fraud Advisory Panel also has a raft of e-learning resources available to help charities protect themselves.
Skurio
Skurio’s digital risk protection platform aims to protect charities from data breaches. This includes its Breach Alert feature, which monitors data and information and provides instant alerts.
Offers and discounts are available for charities.
Among those supported by Skurio is Breast Cancer Now, which has integrated the platform into the charity’s IT and data systems.
Avast Business Antivirus
Avast Business Antivirus is a package of products aimed at small to medium sized organisations to protect them from cyber attacks, including ransomware incidents.
Discounts on an annual subscription for charities are available.
Features include a file shield that scans files that are opened and downloaded to make sure they are free of any malware.
Another is a Wi-Fi inspector feature, which scans networks for threats. It also includes an anti-spam feature to keep out phishing emails as well as annoying emails.
Bitdefender
Bitdefender offers a range of products to protect charities from cyber threats, including its GravityZone Business Security software. This protects devices and servers from threats including viruses, spyware and Trojan horses, which are malicious codes or software that look to take control of a device. This is another cyber threat prevention product where it is worth asking for a charity discount.
According to Bitdefender, more than 12 million new and variant strains of malware emerge each month.
It adds: “Social networking websites such as Facebook and Twitter provide cybercriminals with personal data for exploitation through social engineering and can enable malware to spread faster than ever. If a malware may once have taken days or even weeks to propagate, it can now reach millions of computers in hours.”
F-Secure
Cloud based cyber protection firm F-Secure looks to protect organisations from threats including data breaches and ransomware attacks. It also offers an integrated patch management feature, which is a process whereby systems and software are updated with new pieces of code to fix vulnerabilities that may leave a system open to threats.
Products include F-Secure Protection Service for Business, which looks to render previously unknown attacks harmless as well as prevent ransomware threats.
Kaspersky
This cyber protection product is designed with small organisations in mind and offers features such as anti-spam, ransomware protection and file encryption.
Kaspersky offers specific advice around protecting from Covid-19 charity cybercrime scams. This includes finding out how criminals can set up fake charities or impersonate existing voluntary sector organisations. Advice on tackling phishing is also available as well as staying safe on social media.