Charities by their very nature, hold a huge amount of information that is attractive to hackers. The information held by charities often includes personal, sensitive, and financial data that when in the hands of a cyber criminal can be sold, held at ransom, or used to steal funds.
Cyber criminals often get hold of this information via the infiltration of malware on a computer system or electronic device such as a smartphone or tablet. Malware is software that is specifically designed to disrupt, damage, or gain unauthorised access to a computer system or device.
Ransomware is a type of malware that is designed to block access to a computer system until a sum of money is paid. If your charity fell victim to a ransomware attack, the cyber criminals behind it will threaten to publish your charity’s data or perpetually block access to it unless a ransom is paid. If a ransom fee is paid, there is no guarantee that data will ever be returned to you.
Another method that cyber criminals will use to obtain information is Phishing, not to be confused with fishing and being stood on a river bank with bait and a rod. However, the principle of hooking something valuable is applicable.
The Cyber Security Breaches Survey for 2021 revealed that Phishing is the most identified cyber-attack for charities. Among the 26% identifying any breaches or attacks, 79% had phishing attacks, 23% were impersonated and 17% had malware (including ransomware).
Phishing is when your employees are contacted by email, telephone or SMS by cyber criminals posing as a legitimate person or organisation. The fraudulent company or individual will them lure employees into providing sensitive data such as personal information, banking and credit card details, and passwords.
The NCSC’s guidance for charities will help you take action to protect your charity from malware attacks, here are some basics you can action today to get things started:
1. Backing up your organisation's data correctly
2. Protecting your organisation against malware
3. Keeping the devices used by your employees secure
4. The importance of creating strong passwords
5. Defending your organisation against phishing
View the Small Charities Guide from the National Cyber Security Centre