Charities need to do more to combat cybercrime, urges report

A Scottish Council for Voluntary Organisations report details how charities are still vulnerable to cyber crime and need to go beyond GDPR requirements to protect the data of vulnerable people.

Joe Lepper | 25th Oct 18
Standing Guard From Cyber Attacks

Charities are being urged to do more to tackle cybercrime as well as ensure service users’ data is protected, according to a report into digital trends in the Scottish third sector.

The Scottish Council for Voluntary Organisations (SCVO) report looks at progress made among Scottish charities to improve their digital capability since it launched its Call to Action to Create a Digitally Confident Third Sector in Scotland report in November 2016.

Its latest report Creating a Digitally Confident Third Sector in Scotland: What Next? is based on research among 80 charity sector leaders and offers practical advice and examples of good practice on how to improve.

A key area where improvement is needed, says the SCVO, is improving cyber security, with charities continuing to succumb to cyber criminals. The report also notes that a “culture of trust” among charities makes them particularly vulnerable to criminality.

Cybercrime is big business. Attacks can be incredibly sophisticated or comically obvious,” states their report.

“They can be random, targeted or result in collateral damage. The third sector faces the same risks of operating in a digital world as everyone else.

“Over the past two years we’ve seen third sector organisations lose hundreds of thousands of pounds due to cybercrime. Organisations must take steps to understand their digital assets and take steps to protect them.

“This includes having the appropriate technical measures in place (up-to-date software, anti-virus and back-ups); and building the essential digital skills of all staff, trustees and volunteers – paying particular attention to ensuring people know how to spot scams.”

Charities should go above and beyond GDPR

Another priority for charities in improving their digital capabilities is data protection, in particular information relating to vulnerable service users.

The SCVO report urges charities to do more than the requirements of the EU General Data Protection Regulation (GDPR), which came into force in May 2018. Charities also need to become more vocal in debates around technology and regulation.

“There is a need for organistions to go beyond simply being compliant with current legislation related to personal data and technology,” states the report.

“The third sector works with some of the most vulnerable people in our society.

“We therefore have a duty to ensure everyone we work with and can use the internet purposefully, confidently and safely. We also must take part in the public debate on regulation and technology.”

The report includes a list from charities of 15 “suggested actions” to improve digital organisation and capability.

This includes getting digital discussed at board level, using off the shelf, low cost digital options and moving to the cloud.