Tips to protect your charity from cybercrime
There has been a continued increase in cybercrime in recent years, which is a concern for all entities, including charities. Cybercrime takes many different forms and can involve data breaches, identity fraud or phishing emails.
Charities can be targeted for a number of reasons, some of which are common for all types of organisations. But some of these are increased as a result of being a charity. These include:
- The number of online donations has increased year on year recently. But a particularly significant increase has been seen in the past 18 months as a result of the COVID-19 pandemic. These online payments can be more susceptible to hacking.
- Remote working has become increasingly common as a result of the COVID-19 pandemic. This can lead to a weakening of internal controls.
- The number of phishing and malicious emails are ever increasing. They are also becoming more realistic and less easy to identify.
- Due to limited funds and cost savings being made, charities may have fewer online security controls in place.
- Charities are unlikely to have a trustee on the board responsible for monitoring cybercrime.
Tips for trustees
Despite the increasing levels of cybercrime, there are steps that charities and their trustees can take to protect them from cybercrime. Charities and their trustees should ensure that:
- IT processes and procedures are fully understood.
- The correct software for protecting confidential information is in place.
- They have a trustee on the board responsible for cybercrime and the related IT security.
- Staff have sufficient training on the topic. This includes spotting a fraudulent email, following internal control procedures and using strong passwords.
- Any instances of cybercrime are reported both internally, and externally where necessary.