Like businesses, charities are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity. As the National Cyber Security Centre (NCSC) illustrates in its Charity Sector Threat Assessment, losing access to this technology, having funds stolen or suffering a data breach through a cyber attack can be devastating, both financially and reputationally.
The NCSC’s guidance covers five topics that are easy to understand and are free or cost little to implement. We hope this guide demonstrates how easy it can be to protect your charity’s data, assets, and reputation.
1. Backing up your data
All charities, regardless of nature and size, should take regular backups of their important data, and make sure that these backups are recent and can be restored. By doing this, you ensure your charity can still function following incidents such as flood, fire, physical damage or theft. Furthermore, if you have backups of your data that you can recover quickly, your charity will be more resilient to cyber crime. Keep your backup separate from your computer, consider using the cloud, and make backing up part of your everyday business.
2. Using passwords to protect your data
Your charity’s devices, such as laptops, computers, tablets and smartphones, will contain a lot of important and sensitive data, such as the personal information of your beneficiaries and supporters, as well as details of your online accounts, such as banking. It is essential that this data is available to you, but not available to unauthorized users, so the use of passwords is a must. Passwords, when implemented correctly, are a free, easy and effective way to prevent unauthorized users accessing your devices.
Use two-factor authentication (2FA) for ‘important’ accounts, avoid using predictable passwords, and change default passwords (you can also change passwords after a given period of time, such as every month). These steps help keep your charity’s data safe.
3. Avoiding phishing attacks
In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information such as bank details, or containing links to bad websites, in order to steal your details and sell them on. Phishing emails are getting harder to spot, and some will still get past even the most observant users. Whatever the size and nature of your charity, you will receive phishing attacks at some point.
You should configure your charity’s IT systems in advance using the principle of ‘least privilege’. This means giving trustees and staff the lowest level of user rights required to perform their role, so that if they fall victim to a phishing attack, the potential damage is reduced. To further reduce the damage that can be done by malware or the loss of login details, ensure that your personnel don’t browse the web or check emails from an account with Administrator privileges.
Use two factor authentication (2FA) on your important accounts such as email. This means that even if an attacker knows your passwords, they still won’t be able to access that account.
4. Protecting your charity from malware
Malicious software (malware) is software or web content that can harm your charity. The most well-known form of malware is viruses, which are self-copying programs that infect legitimate software. To help prevent malware damaging your organisation, install (and turn on) antivirus software, keep all your IT equipment and software up to date, and switch on your firewall, among other measures.
5. Keeping your smartphones safe
Mobile technology is now an essential part of life in a small charity, with increasing amounts of data being stored on smartphones. What’s more, these devices are now as powerful as traditional computers, and because they often leave the safety of the office (and home), they need even more protection than desktop equipment. With this in mind, you can secure your mobile devices by using password protection, activating a tracker in case your phone is lost or stolen, keeping apps up to date, and avoiding unknown Wi-Fi hotspots. This applies whether you are using your own personal device or a device provided by your charity.