Why charities need to be aware that they are an easy target for cyber criminals

Cyber criminals aren’t going to show any compassion when on the hunt to make money on the internet.

Non-profit organisations such as charities are an easier target for cyber criminals than commercial businesses, due to their lack of resources.

So, stated Mark Edwards, cyber expert and Technical Director of Capital Network Solutions Limited at a recent seminar discussing how Charities could prepare themselves for the future.

He said that non-profits often held sensitive information on donors such as credit card transactions, yet much of the time didn’t have the IT resources of commercial organisations, as they have less budget.

In addition, work done on non-profit applications was often done voluntarily, which meant that they were potentially not as robust.

“There is an assumption that it will be easier to penetrate their applications and networks,” Mark Edwards said.

Top Challenges for Charities

• Lack of money – key focus is to spend money to help the cause of the charity
• Highly Sensitive Data – the nature of charities is that the data held is often relating to vulnerable individuals and potentially controversial causes that could make it a lucrative proposition in the wrong hands
• Limited IT knowledge – IT is often managed internally by well-meaning staff or is outsourced to the lowest cost IT support provider
• Personal Devices & Sharing – charities often have very limited resources so encourage staff to use their own personal devices to save money, this introduces significant risk.
• Social Media – charities rely on public awareness and readily accessible contact information can make it very easy for cyber criminals to utilise this information for inappropriate activities

What are the threats to charities?

• Soft touch – extensively targeted as it is perceived that they are easy to breach as they have limited IT security systems
• Employee theft/misuse – Limited policies and corporate structure, lack of understanding and education and personal gain are all factors that increase the risk
• Malware – Lack of education about the risk posed by internet and email use with limited malware protection ensures that malware is a very effective cyber-criminal tool
• Hacktivists – the controversial nature of some charities does attract individuals who do not necessarily support the charity cause or see the data held as a very valuable source of revenue
• Philanthropic Phishing – the heavy reliance on donors ensures that cyber criminals know exactly where to target to find out key donors for financial or personal gain

Top 5 tips to protect your charity

• An awareness of the risks posed to your charity need to be understood at Board Level
• All staff and volunteers need to be educated about how to stay safe online
• A through plan needs to be made once the risks are understood – Are our systems safe? Do we need outside expertise? What changes do we need to make? What investment do we need to make? What would happen if we were breached? How would we know? How would we react? Who do we need to notify? What impact would a breach have on our charity?
• Consider Cyber Liability Insurance as an option to provide you with financial, practical and reputational damage limitation support when you have a breach

Consider the new UK Government Cyber Essentials Standard as an easy low cost way to demonstrate your commitment to cyber security. As a leading Cyber Essentials Certification Body and having certified over 800 UK businesses (including 90% of our third sector customers) Capital Network Solutions are one of the most experienced CB for both Cyber Essentials and ISAME. Our cyber security team are highly accredited and experienced network penetration testers and infrastructure specialists.