Charities urged to protect themselves from cyber attacks » Charity Digital News

Charities urged to protect themselves from cyber attacks

Charities are being reminded of the need to have sufficient and effective measures in place to protect against cyber attacks.

The ongoing ‘WannaCry’ ransomware attack has highlighted the damage caused by attacks if IT systems and protection aren’t kept up-to-date. While it’s unclear if any charities have been targeted by this attack, charities could be a prime target for future cyber criminals.

Speaking at the Charity Finance Group’s Annual Conference earlier this year, James Mulhern, chief information security officer at Eduserv outlined how charities are a target because they tend to store large amounts of stakeholder data.

“Charities are a big target for cyber criminals because they have valuable data, including personal information which is of huge value to attackers,” he said.

Those views are backed up by the Cyber Security Breaches Survey 2017, which revealed nearly seven in ten large organisations identified a breach or attack. The survey also showed organisations holding electronic personal data on customers were much more likely to suffer cyber breaches than those that do not (51% compared to 37%).

The most common breaches or attacks were via fraudulent emails – for example coaxing staff into revealing passwords or financial information, or opening dangerous attachments – followed by viruses and malware, such as people impersonating the organisation online and ransomware.

 

Effective protection

Charity software specialist Technology Trust adds that charities can effectively protect themselves by using donated security software:

“A lot of the problems have been caused by organisations using legacy systems, predominantly Windows XP, which is no longer supported by Microsoft,” says Richard Craig, CEO of Technology Trust. “It’s understandable that charities try to send as much money through to their cause but this shows what can go wrong if you postpone upgrading.

“Microsoft donates Windows operating systems to charities so that at least takes a lot of the cost away.

“Beyond that, a lot of the damage done can be reversed much easier if you back up systems with something like Veritas Backup Exec, which again, is donated to charities.

“By being sensible, keeping your operating system up to date, having an antivirus in place and backing up your files, you minimise the risk, which unfortunately the organisations that have been caught out haven’t been doing.”

Related reading

  • Michael Martin

    No doubt, cyber protection is an integral duty of all charities. However, not all charities may access donated or discounted offerings – misleading to suggest otherwise. Setting aside the issue of increasing data protection onus to use only UK suppliers, most security vendors (TT scheme or otherwise) stipulate that a UK applicant must be registered with the Charities Commission or evidence HMRC tax exempt status. As too, by non-security vendors. Along with sizeable numbers of start-up, early-stage and micro charities who are yet to meet CC registration criteria (discouraged from registering until meeting it), our incorporated charity takes security seriously but are obliged to source alternatives; luck of the draw if those limited choice options are as robust, despite paying more even when kindly offered some reduction. Moreover, it’s not one size fits all: several solutions may be advisable, with associated cost. Ultimately, there’s no guarantee of protection: extent of deterrent is what we’re talking about and risk-management is relative to perception of risk. Boards are accountable so every precaution ought to be taken, but as with commercial counterparts, it’s not a level playing field. Handing over considerable percentage of surplus or reserves to commercial vendors seems a necessary evil (and I speak as one with 30yrs in commerce). My colleagues and I don’t need doom-mongering to prompt action. Nor do we expect everything on a plate. But accurate reflection of options viz. circumstance would be welcome…