As a quarter of UK charities fall victim to cyber-attacks in the last year, many still fail to realise how vulnerable they are to attack, says leading cyber-security firm

The Charity Commission revealed that in the 7 months from March to October 2020, almost 700 charities fell victim to fraud or cybercrime, amounting to £3.6 million in total losses. The Cyber Security Breaches Survey 2021 also suggests over a quarter (26%) of charities experienced a cyber-breach in the last year.

Worryingly, the true scale of fraud in the sector is believed to be much higher. Underreporting hinders our true understanding of the scale, as not all charities will choose to disclose cyber breaches externally for fear of reputational or further financial damage.

For a sector that generates billions in economic output – as much as £200bn according to a report from the charity Pro Bono Economics- it’s no surprise that the charity sector is becoming an increasingly hot target for fraudsters, and the implications of a cyber-attack can be catastrophic.

A sizeable number of organisations that identify breaches usually report a negative outcome. Loss of reputation, negative public perception, loss of productivity and loss of revenue (data published in the Cyber Security Breaches Survey 2021 suggests the average cost of a cyber-attack is £8460 for small organisations, and £13,400 for medium and large organisations) are just some of implications charities must contend with when dealing with the sometimes insurmountable cost of a cyber-attack.

But there are also hidden expenses to consider, such as legal costs, insurance premiums, or even fines from regulators if organisations have failed to comply with regulations. Charities also need to consider the impact such an attack may have on their wider community, particularly vulnerable communities who may benefit from the charity’s services.

Paul Howard, Managing Director at Infuse Technology, a leading IT Managed Service Provide and cyber security experts comments “Almost all charities have some form of digital exposure, meaning they are automatically exposed to potential cyber-attacks. Factor into this significant changes in ways of working brought about by the pandemic, and a shift towards digitised systems, many charities have found themselves facing a new spate of security challenges.”

“Unfortunately, many UK charities fail to realise how vulnerable they are to attack - many of the charities that we work alongside simply don’t consider themselves as targets, but sadly this is the exact reason many fraudsters target the sector due to a perceived lack of commercial cyber awareness.”

“Ultimately charities, like organisations in many other sectors, hold a myriad of valuable data – from personal data to key financial information – all of which is hot property to cybercriminals.”

“Quite alarmingly, some estimates suggest 60% of small and medium sized organisations who experience a cyber-attack fold within 6 months. As many charities often operate with low margins, relying heavily on public support, a cyber-attack is likely to have a significant and detrimental impact on the longevity of the organisation.”

There are several basic measures charities can implement to assure a level of cyber-security, for example:

• Define a starter and leaver process
  • Make sure appropriate and necessary permissions are granted and removed in a timely manner each time a member of staff joins or leaves
• ‘Patch’ your servers and PC’s
  • Whilst this may sound complex, you will have no doubt had a notification saying, “the latest version of thissoftware is now available”. This is ‘patching’. It simply repairs a vulnerability or a flaw that is identified after the release of an application or a software
• Use multifactor, or two factor authentication (2FA)
  • Multi-factor authentication requires users to provide a secondary form of verification, such as a fingerprint or one-time passcode before access to accounts is granted
• Educate employees
  • One of the best defences in minimising cyber-attacks is by educating staff, ensuring they have strong passwords, have information security awareness, and know how to spot the signs of a cyber attacks
• Review data storage
  • Think about how – and where - your data is stored. Whether its stored manually on premises, or stored digitally in the cloud, make sure your employees are storing and sharing data in a secure, confidential way

Further to this, Paul adds “Understandably many charities may not have the resources to put any cyber security policies and training in place, leaving organisations and staff exposed. But to help, the National Cyber Security Centre (NCSC) has produced an e-learning training package: 'Staying Safe Online: Top Tips for Staff', which we thoroughly recommend organisations take advantage of.”

“The training is primarily aimed at SMEs, charities and the voluntary sector, and therefore a great resource for organisations in the sector.”