Skip to main content

How to keep your charity safe from cyber crime

Assess your risks and protect your charity

How to keep your charity safe from cyber crime

Cyber attacks are becoming an even bigger risk, and in the 12 months leading up to April 2018 over 20 percent of charities fell victim to them. However there are many steps you can take to help keep your charity safe. Here, Virgin Money’s Security Threat Intelligence Analyst, Martin Giles, rounds up his top tips to help keep you safe.

1. Key reading for small charities

If you’re a charity looking for help on how to assess your risks and keep yourself safe, then as a great starting point check out the National Cyber Security Centre’s (NCSC) Threat Assessment report, which outlines the cyber threats that charities of all sizes now face. This Cyber Security: Small Charity Guide from the NCSC also shows you how to keep your charity safe without breaking the bank (or needing an IT whizz).

2. Get the basics right

Luckily most cyber attacks are easily preventable. If you patch your software against known viruses and create strong passwords – making sure not to use the same ones for multiple logins – you can easily prevent most attacks.

3. Back up and protect your data

Recently there’s been an increase in attacks in ransomware that remove systems and demand a ransom to retrieve them, and data breaches which could risk losing information vital to your charity. If you back up and protect your data, you can avoid losing years of your supporters’ records, reputational damage and fines from the Information Commissioner’s Office (ICO).

4. Only open emails from people you know and trust

Making sure that emails you receive are from trusted sources is a great way to keep your charity safe.

Recently there has been an increase in phishing emails, where fraudsters try to access sensitive information, particularly through malicious links. This type of fraud is often successful because it relies on the goodwill assumption that people are getting in touch because they genuinely want to support your charity. You can protect your charity by always checking the sender’s email address and whether you know and trust that person.

5. Only trust people you know, even if they know you

It pays to be extra cautious with emails you receive. Sophisticated fraudsters can now try to use your information to make them seem more trustworthy. So, if an email contains your personal details, it doesn’t necessarily mean it’s from a safe sender – they may have found your information through a cyber attack on another site you use.

Charities Aid Foundation has some important guidance on the types of threats you need to be aware of and how to keep yourself safe.

6. Take Five

Take Five is a national campaign, led by Financial Fraud Action UK (part of UK Finance) and backed by Her Majesty’s Government, that offers straight-forward and impartial advice to help everyone protect themselves from preventable financial fraud. This includes email deception and phone-based scams as well as online fraud – particularly where criminals impersonate trusted organisations. Be sure to familiarise yourself with the helpful insight and tips they provide, to ensure you’re aware of the threats fraud poses.

7. Carry out cyber security training

You can break down cyber security into easily manageable chunks with NCSC’s resources and training. In early 2019 they published a brand new toolkit to help you have the right conversations about protecting your charity. Plus they’re launching a free e-learning package for staff and volunteers, so everyone can feel confident, no matter their role.

8. Nominate a cyber security expert

Not everyone is an IT whizz so sometimes it’s a good idea to nominate a dedicated cyber security person within your team, who can become a cyber expert – there’s lots of training courses out there which will ensure they have all the knowledge.

Have a look at NCSC’s GCHQ certified training courses.

Here at Virgin Money Giving we take cyber security very seriously and being part of Virgin Money means our security and systems all meet approved banking standards, and so your data is safe with us.

However if you’ve been a victim of fraud or cyber crime, be sure to report it to Action Fraud – the National Fraud and Cyber Crime Reporting Centre – where you can seek guidance and support.

Back to Top