Protect Your Mission: Cyber Security for Charities

Cyber Threat Landscape

The cyber threat landscape is constantly evolving, and each organisation and individual has their own cyber threat landscapes; therefore, it requires bespoke identification through comprehensive research and assessments, to then find the right solution to combat.   

Charities are at an increased risk of cyber attacks carried out through methods of phishing (80%+ of charities reported experiencing a phishing attack in the last 12 months), social engineering (nearly 40% of charities experienced social engineering) and almost 15% of charities reported methods of malware and viruses.  

Why Are Charities Vulnerable?

Charities are often restricted regarding resources available, with teams working across multiple functions of the organisation and many part-time and volunteer-based employees, there is rarely one person dedicated to the function of IT and cyber security. This stretch of resources can see vulnerabilities in cyber defences as time may be viewed as more valuable spent on the core mission of the charity such as fundraising efforts.  

The same perception can be applied to budgets, whereby spending is carefully calculated for charitable organisations, with little left to dedicate to cyber security solutions. Furthermore, charities with minimal funds may be at a higher risk of cyber attack as it will be known the effects will be more detrimental surrounding recovery, obtaining insurance, ICO fines (Information Commissioner’s Office) and more.  

Most charities hold personal information perhaps for both those they seek to help/serve and donors to the charity. Such data is an attractive quality for cyber attackers who can seek to disrupt charities, holding them to ransom threats.  

Benefits of Strong Cyber Security for Charities

Protection of sensitive data: charities often handle sensitive and personal information about donors and beneficiaries and their employees too. Ensuring you have strong cyber security in place as a charity ensures this data is protected from breaches and safeguards end user’s privacy.  

Regulatory compliance: Aligning with the above, multi-layered cyber security only protects the sensitive data you hold further; therefore, sees adherence to GDPR compliance. Furthermore, through establishing strong cyber security, organisations can obtain Cyber Essentials accreditation – this may prove beneficial when working or fundraising in partnership with Government bodies.  

Trust and reputation: A data breach can damage trust and reputation amongst charity donors, end users and the general public. Strong cyber security helps to ensure charities are viewed as reliable and trustworthy sources of aid. Furthermore, building donor confidence is essential to the future of donations – donors want to know that their financial contributions are delivered in a secure manner.  

Steps to Improve Cyber Security as a Not-For-Profit

Audit: Undertaking a cyber security audit or risk assessment is an ideal starting point for any organisation, including charities. Enlisting a cyber security expert to look at your charity’s IT infrastructure and cyber threat landscape to identify the levels of risk and gaps you may have in cyber security protection. It is through the identification of these gaps, that you can work on improvements and fortifying your charity.  

Staff Training: Phishing was touched upon earlier in the blog and is one of the leading causes of cyber attacks. With this, it is important to provide staff training to enable them to spot phishing attempts and more; in turn, decrease your risk of breach.  

Plans & Processes: It is important to have an incident response plan, disaster recovery plan or business continuity plan in place to ensure your team are aware of the processes and procedures to follow in the instance a cyber attack occurs. It is also important to ensure these documents are reviewed and updated regularly in accordance with the current cyber threat landscape and wider impacts. For example, these plans should have been amended during the Covid-19 pandemic to adapt to the change in everyone’s lives and day-to-day operations and should have also been amended since.  

Multi-layered security: With multiple routes of entry for cyber attackers means multiple routes of protection. It is imperative to enlist a multi-layered approach to your cyber security in order to provide defences from all angles.  

How Working with an MSP can help

Enlisting an MSP (Managed Service Provider) to help navigate your cyber threat landscape, advise and provide cyber security solutions as a charity has its benefits… 

Technical teams within MSPs such as ITRM are not only award-winning and highly qualified but are quite literally experts in their field. With over 25 years of experience serving London, the Southeast and surrounding home counties, ITRM’s team can provide the expertise and resources top-up that charities often lack or are stretched for and, at a more accessible cost. Furthermore, as an MSP can provide a variety of IT services from IT support to cyber security, charities can benefit from the cost-effectiveness of having both support services under one roof. With this, MSPs can work with charities to understand requirements and package bespoke solutions to suit – this ensures your multi-layered security solutions are specifically targeted to your cyber threat landscape.  

In Summary 

In today’s increasingly digital world, becoming victim of a cyber attack is only a matter of time and charities are not excluded from the list of targets. With the sensitive data held and overall nature of charitable organisations, it is increasingly important to adopt robust cyber security solutions to ensure protection from cyber attacks to ensure you continue to operate and deliver your mission.  

Tilly Hawkins

Tilly is the Marketing & Communications Manager for ITRM Ltd, an award winning UK-based MSP (Managed Service Provider) delivering a range of services across IT Support, Cyber Security, Advisory, Consultancy, Voice & Data/Telephony and more.

Ab Initio partners with BT Group to deliver big data

Luke Conrad • 24th October 2022

AI is becoming an increasingly important element of the digital transformation of many businesses. As well as introducing new opportunities, it also poses a number of challenges for IT teams and the data teams supporting them. Ab Initio has announced a partnership with BT Group to implement its big data management solutions on BT’s internal...

WAICF – Dive into AI visiting one of the most...

Delia Salinas • 10th March 2022

Every year Cannes held an international technological event called World Artificial Intelligence Cannes Festival, better known by its acronym WAICF. One of the most luxurious cities around the world, located on the French Riviera and host of the annual Cannes Film Festival, Midem, and Cannes Lions International Festival of Creativity. 

Bouncing back from a natural disaster with resilience

Amber Donovan-Stevens • 16th December 2021

In the last decade, we’ve seen some of the most extreme weather events since records began, all driven by our human impact on the plant. Businesses are rapidly trying to implement new green policies to do their part, but climate change has also forced businesses to adapt and redefine their disaster recovery approach. Curtis Preston,...