Protecting the most vulnerable – cyber attacks on charities
In today’s threat landscape, many hackers will happily target those putting up the least resistance for the easiest gain. Charities often have very few resources and little budget to spend on cyber defences, making them a very easy target. Below, we take a look at some of the most common cyber risks to charities, and the simple steps they can take to help overcome them.
Phishing Attacks: Charities may be targeted with phishing attacks aimed at obtaining donor or employee credentials, financial information, or personal data.
Ransomware Attacks: Charities often have valuable data, and a successful ransomware attack can disrupt their operations, compromise donor information, and lead to financial losses.
Data Breaches: Charities collect and store sensitive data, including donor information, financial records, and personal details of beneficiaries. Data breaches can occur due to inadequate security measures, insider threats, or external hacking attempts, potentially exposing personal information and damaging the charity’s reputation. This in turn can affect a donor’s decision on whether to donate, for fear that sensitive information about themselves may be easily accessed.
Distributed Denial-of-Service (DDoS) Attacks: DDoS attacks overwhelm a network or website with an excessive amount of traffic, rendering it inaccessible to legitimate users. Charities depend on their websites to engage with supporters and collect donations, making them vulnerable to DDoS attacks that disrupt their online presence.
Social Engineering Attacks: Social engineering involves manipulating individuals into divulging sensitive information or performing actions that may compromise security. Attackers may impersonate donors, volunteers, or staff members to gain unauthorised access to systems or trick employees into disclosing confidential information.
What actions should charities undertake to avoid cyber attacks?
Charities do not need to invest large sums to help safeguard their operations and those reliant on their funding. There are some simple, inexpensive steps they can take to enhance their resilience.
Employee Training and Awareness: Conduct regular training sessions to educate employees and volunteers about cyber security best practices, including identifying phishing emails, using strong passwords, and reporting suspicious activities. Raise awareness about the latest cyber threats and the potential impact on the charity and wider not-for-profit community.
Strong Passwords and Multi-Factor Authentication (MFA): Enforce strong password policies that include a combination of upper and lowercase letters, numbers, and special characters. Encourage employees and volunteers who require digital access, or who use IoT devices to support charities, to use unique passwords for each account, and implement MFA wherever possible to provide an additional layer of security.
Regular Software Updates and Patching: Keep all software, operating systems, and applications up to date with the latest security patches. Regularly apply updates to address vulnerabilities and protect against known exploits.
Data Encryption: Utilise encryption techniques to protect sensitive data both in transit and at rest. Encrypt data stored on servers, databases, and portable devices to ensure that even if they are compromised, the data remains secure and unreadable.
Robust Backup and Recovery Procedures: Regularly back up critical data and systems to off-site locations or secure cloud storage. Test the backup restoration process to ensure data can be recovered in the event of a cyber attack or data loss incident. That way, if an attack occurs, operations can continue without that disruption or loss.
Incident Response Plan: Develop a comprehensive incident response plan that outlines the steps to be taken in the event of a cyber attack or data breach. Define roles and responsibilities, establish communication channels, and regularly test and update the plan to ensure its effectiveness. Much of this can be handled internally, provided the action owners understand what is required of them, before relying on subject matter experts to undertake investigations or negotiation with the threat actors.
Stay Informed: Stay updated on the latest cyber threats, trends, and best practices in the not-for-profit sector. Follow reputable cyber security resources and participate in industry forums or networks to share knowledge and learn from others’ experiences.
To learn more about how Amicis is supporting those in the charity and not-for-profit sectors, and how we may be able to help your organisation use cyber security as an enabler for your digital environment, please reach out to us at hello@amicisgroup.co.uk