Tips to Protect Your Charity from Cybercrime

There has been a continued increase in cybercrime in recent years, which is a concern for all entities, including charities. Cybercrime takes many different forms and can involve data breaches, identity fraud or phishing emails.

What makes Charities so vulnerable?

Charities can be targeted for a number of reasons, some of which are common for all types of organisations. But some of these are increased as a result of being a charity. These include:

  • The number of online donations has increased year on year recently. But a particularly significant increase has been seen in the past 2 years due to the pandemic changing the way we engage with charities. These online payments can be more susceptible to hacking.
  • Hybrid and remote working has become increasingly common as a result of the pandemic. This can lead to a weakening of internal controls. And with the government announcing that that way to get more people back into the workplace this is only set to rise
  • The number of phishing and malicious emails is increasing. They are also becoming more realistic and less easy to identify. Thanks to tools like ChatGPT and other AI tools figuring out what is real and what is a scam is more difficult than ever before
  • Due to the cost of living crisis, limited funds and cost savings being made, charities may have fewer online security controls in place.
  • Charities are unlikely to have a trustee on the board responsible for monitoring cybercrime.

How can Trustees protect against Cybercrime?

Despite the increasing levels of cybercrime, there are steps that charities and their trustees can take to protect them from cybercrime. Charities and their trustees should ensure that:

  1. IT processes and procedures are fully understood.
  2. The correct software for protecting confidential information is in place.
  3. They have a trustee on the board responsible for cybercrime and related IT security.
  4. Staff have sufficient training on the topic. This includes spotting a fraudulent email, following internal control procedures and using strong passwords.
  5. Any instances of cybercrime are reported both internally, and externally where necessary.

For further advice or tips, get in touch with a member of our Charity and Not for Profit team on 01903 234094.