The internet is an incredible invention. It opens up the world and gives you the potential to reach millions of possible supporters of your cause, inspiring them to volunteer, fundraise or donate.
But with that accessibility comes challenges. As you will be aware, charities and nonprofits are not immune to cyber crime. In fact, the number of cyber attacks on charities is astonishingly high.
According to the results of a Government survey, 30% of charities experienced a cyber attack in 2022. And, while that is a risk in and of itself, if you suffer a data breach that could have been prevented, you may also face a fine from the Information Commissioner’s Office (ICO).
So what are the main risks in 2024?
What are the key types of cyber crime charities should be aware of?
Phishing
Phishing emails try to trick staff or volunteers into revealing sensitive information or clicking malicious links that download malware onto your device.
Before clicking any links that come through to your inbox, check that the sender’s email address is correct and spelt properly, and that any logo and graphics are accurate.
If you are in any doubt about an email’s origin, contact the sender in a separate email thread or over the phone to make sure they really sent it to you.
DDoS
A Distributed Denial-of-Service (DDoS) attack overwhelms a website by directing lots of traffic to it, usually using robots. This means genuine supporters cannot visit the site.
It can be difficult to spot, but will typically show as sluggish website load times or an inability to access the site. Many website hosting services have processes to minimise the risks of DDoS, but if you think you might be a victim, raise it with your website manager.
Ransomware
This is exactly how it sounds. Cyber criminals gain access to your systems, via hacking or phishing, and then encrypt them. You won’t be able to access your data unless you pay a ransom to get it back.
If you suspect that you are being attacked by ransomware, remove any affected devices from your network to reduce the chances of them infecting other machines. Then contact both the police and the National Cyber Security Centre (NCSC) and report the issue. You will also need to report any data breaches to the Information Commissioner’s Office (ICO).
Growing cyber threats
While there are established cyber risks, such as those explained above, there are new schemes appearing on the scene as hackers become more sophisticated. Here are just a few of the most common.
Vishing and smishing
These terms may sound silly, but they’re a big risk to organisations and individuals and take phishing to a new level.
In the case of vishing, cyber criminals use voice replicators to pretend to be someone in your organisation. They may ask you to authorise a payment or access to data.
Smishing, on the other hand, sees criminals using SMS and text messaging to mimic a member of your team asking you to make payments, click malicious links or grant access to your systems.
As with phishing, it pays to call the person back using known contact details to check that the request is legitimate.
Supply chain attacks
There is a growing number of reports about supply chain targeting. Cyber criminals may target software or website vulnerabilities to gain access to your systems by either targeting the software itself, or by using your suppliers’ systems.
What can charities do to protect themselves from cyber crime?
Although the number and nature of cyber risks is constantly evolving, there are steps you can take to protect your organisation. We’ve listed some of the most common below, but this list is by no means exhaustive. Be sure to check the NCSC website for the latest news and updates.
Implement cyber security best practices
Ensure that team members update their passwords regularly and that they’re not easy to guess.
Multi-factor authorisation (MFA) is also a valuable tool to prevent malicious actors from accessing your systems, even if they gain access to passwords. Your IT team can help you to get these set up.
Staff training
Make sure your teams know what to look out for when it comes to cyber crime.
There are numerous resources available online to help you explain the risks and what you should do. For instance, the National Cyber Security Centre has a phishing simulation exercise available online, which can be used to explore what phishing looks like. They also issue bulletins about growing risks.
Backup your systems
If you’re the victim of cyber crime, your data could be held for ransom or even deleted.
Regularly backing up your data to another location will help in these circumstances, giving you the opportunity to reinstate key information after the incident has been resolved.
Build an incident response plan
In the event that something goes wrong, it’s vital to have a step-by-step process to follow. While you have a clear head, define who you need to notify and when, so that in the heat of the moment, your teams know exactly what to do. The NCSC has some helpful guidance to help you get started.
Arrange Cyber Insurance
Cyber cover is an essential consideration for charities of all shapes and sizes. It will help you to handle the aftermath of a cyber attack, from identifying the source of the attack to helping to restore data, managing your reputation and generally ensuring you get the support you need. It’s important to note that insurers will require that certain conditions are met in relation to cyber security in order to guarantee cover.
Speak to our Charity Insurance team
Here at Chris Knott Insurance, our friendly team understands the challenges faced by charities in the UK. This means we are able to tailor policies to meet your needs and your budget, so that you can focus on your cause. Give our team a call on 01424 205009 today to find out more.