3 step checklist to help charities be more secure online

Updated: Aug 6

The last 18 months has brought on some major challenges for everyone across the charities sector. Whilst so many charities have moved their staff to remote working and becoming more digitally aware, sadly we are also facing more challenges from criminals operating online.


Keep secure online should be a priority for every charity. To help you keep on top of important security measures and keep your data out of the hands of hackers. We’ve developed this three-step security checklist to help secure your data.

  1. Review your Privacy Settings

  2. Keep your email account secure

  3. Keep devices secure when working from home


Review your Privacy Settings

This is very important to avoid exposing unnecessary information about you or your charity. It’s prudent to revisit your devices and social media account privacy settings and make sure these settings are in line with any security & device policies you have in place.


Privacy settings for Devices - If you've just bought a new device, or haven't looked at your security settings for a while, you should take some time to make sure you're protected against the latest threats. Fortunately, most manufacturers provide easy-to-use guidance on how to secure your devices which you can view below:

These are guides on how to review/amend your privacy settings on social media accounts:



Keep your email account secure

We found that email account compromise was the common breach against charities in the North West and phishing is the most commonly identified cyber attack against charities. So keep your email account secure with the following tips:


● Make sure you have 2-Step Verification enabled on your accounts and update your recovery phone number and email address.

● Keep your browser, operating system and apps up-to-date.

● Make sure you have a strong, unique password on all your email accounts - don’t reuse the same password on multiple accounts!

● Remove or disable any unused apps or browser extensions.

● Never give out your passwords - An email provider will never ask for your password in an email, message, or phone call.

● Check any suspicious emails for the following:

○ Does the email address and sender name match?

○ Are there spelling and grammar errors?

○ Does the email contain a veiled threat that asks you to act urgently?

○ If it sounds too good to be true, it probably is.

○ Forward any suspicious emails to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk


Keep devices secure when working from home

● Set your updates to install automatically - keep your browser, operating system and apps up-to-date.

● Make sure you are locking your screens if you are leaving your device left unattended.

● Keep a backup of any important data in the cloud or using a removable storage device.


When it comes to cyber criminals, there’s nothing small about small charities or businesses. If you’re open for business online, you could be open to cyber attacks. For further guidance and support, let us help your charity stay ahead of cyber criminals via our free core membership.


Find out more via http://www.secrc.co.uk/membership

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.