‘Pinkware’ the biggest threat to small charities
People, not tech, are the biggest threat to a charity’s cyber security, experts have warned.
People, or ‘pinkware’, rather than software are the biggest cyber security threat to charities, security firm NexusProtect warned at a recent event in Liverpool on cyber security for charities and non-profits, run by accountancy firm BMW.
NexusProject Managing Director Nick Holden said: “Many small charities, in particular, lack the resources or skill set to have people specially trained in this area and that makes them vulnerable. That is where we have seen the bigger risk of cybercrime.”
He added: “The biggest scams right now are carried out by phishing via emails. It used to be an attachment people were asked to click on but now they are getting smarter. Often the link can be hidden in the ‘unsubscribe’ button.”
“The rule is always, if you are not expecting it and you are unsure of where it has come from, then don’t click on it, just delete it.”
Other vulnerabilities, he said, came when people were careless with passwords or through mobile devices which offered access to organisation systems. Disgruntled employees also posed a threat, he added.
“You have to be careful how you set up your logins. Everybody needs to have a separate profile on the system,” he explained.
Holden said that perpetrators using malware such as viruses or phishing often did not target organisations specifically but used software to seek out particular vulnerabilities in an organisation.
“That is how the NHS was exposed a couple of years ago,” said Holden. “They weren’t directly targeted. Other organisations around the world were also hit at the same time.”
GDPR and sensitive data
Charities also hold data about service users and donors. Given the nature of charitable work, the information they hold can be very sensitive: information on vulnerable people and situations could be on file. Recent regulation on GDPR and data protection means that charities can face fines and penalties if data is not protected properly.
“Breaches of data protection under the tighter GDPR regulations can not only lead to fines but also leave your organisation open to civil action and reputational damage,” said Holden.