
How to keep your organisation safe from cyber attacks

Cybersecurity small charity guide

 

Charities are vulnerable to cyber-attacks for many reasons such as holding funds, or having sensitive or valuable data in their possession.

Ransomware, malware and spyware, phishing emails, and fake organisations and websites are some of the ways charities can be attacked.

Other scams include phone calls and texts. If you’re ever a victim, it’s recommended to report it to Action Fraud.

In 2023, 83% of charities reported they had experienced phishing attacks in the past 12 months. 

According to a 2024 survey conducted by NatWest, social media marketplace and AI voice cloning scams are some of the most common scams. 

It’s commonplace to receive emails from recognisable organisations and brands: a delivery company, Facebook or even your bank.

However, many of these emails are scams known as ‘phishing emails’ whereby scammers impersonate a trusted organisation and try to trick people into handing over sensitive information.

Emails are becoming more and more realistic due to AI, but there are some things to look out for to identify whether an email is fake or not. Here are some of the signs:

  • A fake sender
  • A sense of urgency in the email
  • A request for information

Check out this Phishing Quiz to see if you can differentiate the fake emails from the real ones.

It’s crucial to adhere to GDPR principles when processing personal data, ensuring it’s processed lawfully, fairly and in a transparent manner. 

Data should only be collected for specified, explicit and legitimate purposes, and should be adequate, relevant and limited to what is necessary.

Personal and sensitive information should be stored accurately and kept up to date, kept only as long as necessary and processed appropriately to maintain security.

How to improve cybersecurity

  • Backing up your data
  • Protecting against malware
  • Securing your mobile devices
  • Password best practice
  • Avoid phishing attacks

Creating a secure password and enabling multi-factor (or two-factor) authentication, PINs or fingerprint/facial recognition are some of the ways to protect your devices and your data.

Here are some tips on protecting your data and devices:

  • Switch on password protection – where this is not enabled by default
  • Change all default passwords – to mitigate against ‘open door’ access
  • Avoid predictable passwords – have an organisational password policy, implementing NCSC’s 3 random words plus a number and symbol
  • Use two-factor authentication – where available for the tools you are using
  • Individual accounts for everyone where possible – easier to control authorised access. Remember to block accounts / change passwords when people leave your organisation