Cyber security FAQ: why charities can’t afford to ignore the risk from malware

We take a frank look at the risk to charities from malware, answering some of the most common questions that charities ask.

Chloe Green | 16th Sep 19


The world of cyber crime can seem murky and mysterious – cyber criminals are, after all, a faceless threat and charities are focused on the here and now, running their day to day operations and making a difference. But weapons such as malware are indiscriminate, and anyone can be stung. That is why in this article we try to shed some light on the world of malware, with help from cyber security experts Avast.

[UPDATE] In our new exclusive video with the NCSC (National Cyber Security Centre), we got a great five-minute overview of the cyber security risks that charities face, what they need to be looking out for and the resources and help they need.


Q: What is malware?

A: Malware (short for malicious software) is a common tool that cyber criminals use to get inside devices, take control of them or steal information.

In much the same way as the common cold, malware is easily caught and always evolving. It keeps getting faster and cleverer, finding new ways to access your charity’s devices or network. And just like a cold, it’s much easier to prevent than it is to deal with its effects once it has taken hold.



Q: Are charities at risk from malware?

A: Yes. Just like commercial organisations, charities hold valuable data that cyber criminals will trade for a high price on the black market. Malware is one common (and easy) way of stealing that data.

One in five charities were affected by a breach of their data last year, costing them an average of £9,470 to fix what could have been prevented for a tiny fraction of that cost.

But monetary cost is just the tip of the iceberg. Whether or not data is stolen or recovered, the charity sector exists on a foundation of trust. Charities simply cannot afford anything that damages their reputation in the eyes of the public, their stakeholders, service users or supporters.

Added to this, charities running a tight ship to deliver critical services to their communities and service users often rely on the use of data and computers. The resulting downtime from dealing with a malware infection is just not an option.

All of this makes malware a significant threat to charities.


Q: How does malware spread?

A: Malware takes many forms, and new variants are popping up all the time. These variants are mainly classified by the method they use to infect a device, and what they do once inside.

Avast’s free eBook ‘Guide to Malware 101: Everything you need to know about malicious software’ gives an overview of some of the most common types of malware, including worms, spyware and bots.

Some malware variants spread when users open infected emails designed to entice them to click. This method is called ‘phishing.’

Other types can sneak onto your computer from a website or from social media, or through a vulnerability in the software you use.

Malware known as a ‘trojan’ can disguise itself as a known and trusted piece of software, only to infect a device and do damage once downloaded. ‘Worms’ use a computer network to spread from one device to another.

It’s also important to be aware that malware is not just limited to computers and mobile devices connected to the internet. Any digital device can potentially be a target, including debit card readers and POS (Point of Sale) systems.

As this Avast blog explains, any organisation that has a POS system can be hacked, and it’s a tactic that’s unfortunately becoming widespread.



Q: What does malware do?

A: Once a device is infected, malware can be very difficult to detect until the damage is done. Cybercriminals can execute files, steal information, modify configurations, alter software, or even install more malware.

One particularly potent type of malware locks a device, often one containing valuable data, so that it cannot be used until a ransom is paid.

St John Ambulance was a recent victim of this type of attack, known as ransomware.

The NHS was famously hit by one of the most damaging malware attacks in recent years, a powerful variant known as WannaCry, which affected more than 200,000 computers in at least 100 countries in 2017. It cost the NHS an eye-watering £92m as well as disrupting services across hundreds of NHS organisations.

This infographic from Avast explains more about the risk from ransomware and what to do about it.



Q: How can malware be stopped?

A: Prevention is always the best defence. A lot of malware infections can be prevented from ever reaching a device by simple behavioural changes that ensure all staff and volunteers are vigilant and use caution before clicking on or downloading anything.

For instance, this Avast blog looks at how to spot and prevent a phishing attack. These types of malware attack are becoming increasingly clever at looking like legitimate emails, such as by imitating CEOs from a spoofed email address, as the Charity Commission recently warned. This makes it more important than ever to stay alert.

Having automated software such as antivirus in place is also an essential weapon in the fight against malware.

This includes antivirus for detecting and preventing infections, patch management for keeping software up to date and secure, and secure web gateways for keeping threats on the internet at bay.

Cost-effective security software is especially important for growing non-profit organisations, which handle large amounts of sensitive data but don’t always have additional IT resources to stay on top of security.

Charities can get discounted antivirus and many other professional level security products from Avast, now available for the first time on the Charity Digital Exchange site.