AJ Thompson is CCO at Northdoor plc
17th August 2020
Even before the global pandemic the charity sector was ill-equipped to protect themselves from cyber criminals targeting their systems. With cyberattacks becoming ever more sophisticated the threat is increasing, and with many charities working on sub-standard tools out-of-date legacy systems that don’t support technological advancements, means they can easily fall victim to an attack.
According to a survey from the Department for Digital, Culture, Media and Sport, one in five charities experienced a data breach or cyberattack in 2018, with phishing emails being the most common. 75% of charities have reported that cyber security is a top priority, however few have invested in it.
In 2019 the government’s latest Cyber Security Breaches Survey found that 26% of charities within the last 12 months and the pandemic has inevitably accelerated this trend. According to the Charity Commission, threat actors are utilising the pandemic to exploit charities and commit cybercrime. With the police reporting a spike in COVID-19 scams, this prompted the commission to issue advice to the charity sector on how best to protect itself, with those offering services & support to local communities particularly affected.
The commission believes that there are various ways in which charities can be a victim of scams, including those which involve the online sale of vital personal protective equipment (PPE), which are either not dispatched once payment is made or do not comply with standards. Therefore, The Charity Commission has requested that charities undertake due diligence when purchasing supplies and requests that employees remain cautious when asked to change bank details or sending payments to a new vendor. Validation processes need to be followed wherever possible to check authenticity before making payments or changes
The Charity Commission wants charities to undertake due diligence in case they are purchasing from a company or person they did not know previously. Furthermore, when charities are not sure from whom they are buying, it is advisable that the concerned person discusses with fellow trustees, colleagues or volunteers before making the purchase, said the commission.
The charities’ regulator has advised that charity employees be cautious at all times when asked to make changes to bank details or sending payments to a new account. It urges charities to follow their validation procedures, wherever possible, and check the authenticity of such messages prior to making any payments or carrying out banking changes.
The National Cyber Security Centres’ (NCSC) Cyber Threat Assessment report for the UK Charity Sector has identified that the most common attacks against charities were phishing emails containing links to fraudulent websites. These attacks can often lead to malicious software making its way into IT systems. If a charity loses access to its online services, it could result in a very real threat to its survival, as well as reputational damage and loss of service delivery.
However, even with employees aware of the risks and remaining vigilant, this may not be enough. Unsupported technology can also lead to security risks, exposing organisations to data breaches and leaving systems and information vulnerable to attack.
Money is a big factor here, with many charities unable to update their infrastructure due to insufficient funds. Cloud services can offer a sustainable alternative in terms of cost savings, flexibility and scalability.
Using the latest technology is not just about innovation and growth. The work-from-home model has been forced upon businesses in all sectors and of all sizes by the pandemic. Today’s technology has not only made this possible, but also cost-effective and efficient, allowing charities to accept donations as we settle into this “new normal”. Cloud adoption allows charities to gain business continuity that can prove crucial during these unusual circumstances. It means that no matter where you or your staff are, business as usual can be maintained.
For more information visit our cloud services page