The best cyber security tools for charities 

We take a look at some of the best cyber security tools available to charities – from general security to password management and measures against phishing

Paul Rubens | 19th Nov 19
cyber security tools for charities

Charities offer the potential of rich pickings for hackers and cyber criminals for several reasons. They often store large amounts of valuable data about supporters, they may control significant amounts of money raised from those supporters, and 44% of charities don’t protect themselves with the right cyber security tools since they don’t believe they are at risk.  That may explain why 22% of UK charities faced cyber attacks last year. 

 

Risk management

It’s also true that many charities have a limited number of IT staff, and those staff may have a small cyber security budget compared to large businesses. That means it is essential for charity leaders to deploy that budget as effectively as possible to minimising the risk of cyber security breaches by mitigating the most common vulnerabilities. 

 

Phishing, malware and ransomware 

For many charities, the most likely form of cyber attack that they will encounter is a phishing attack, which involves criminals sending out fraudulent emails. 81% of charities reported receiving phishing emails last year. These emails often contain links to websites that imitate the websites of banks and other financial institutions to enable criminals to steal login names and passwords 

They may also include attachments that are infected with viruses and other malware such as keyloggers, which steal user names and passwords from an infected computer, and ransomware, which can spread around a charity’s network and encrypt the data on all the computers it encounters. The cyber criminals then demand a ransom, usually payable in cryptocurrency, to restore the systems to working order. 

 

Date exfiltration 

Criminals may also exploit vulnerabilities in software used by charities to gain entry to the charity’s computer network. Once they have infiltrated the network they will typically search for databases and stores of valuable information and exfiltrate any useful information that they find to exploit or sell to others in the criminal underworld. 

 

Mitigation tools 

What tools can charities use to protect themselves from these threats? We have taken a look at several cyber security tools. Products marked with a * are available as part of major technology companies’ donation programs on the Charity Digital Exchange 

 

1.) Endpoint security software for general computer security protection 

This type of software used to be known as anti-virus software, but as well as detecting and removing viruses, endpoint security software may also protect against ransomware, help detect phishing (and other suspicious) emails, detect intrusion attempts, block malicious links, and provide a firewall to prevent hackers from “scanning” the computer to see what software it is running and whether any of that software can easily be hacked. 

Example of endpoint security software include: 

Avast CloudCare AntiVirus * 

Bitdefender GravityZone Business Security * 

McAfee Endpoint Security 

 

2.) Filtering software for protection from phishing attacks and malicious websites 

These cyber security tools can defend charities from phishing attacks by attempting to detect phishing emails before they are opened by the recipient, and by checking any websites that users visit to detect phishing websites or those that may attempt to infect their computer. 

Examples of this type of software include: 

Avast Secure Web Gate * 

Avast Content Filtering * 

Mailshell Anti-Spam Desktop * 

 

3.) Password managers for protection against fake website 

Password manager programs store usernames and passwords for bank accounts and other websites that need a high level of security and enter them automatically at the appropriate website when the password manager has been activated with a master password Since password managers are not fooled by phishing websites and will only log on automatically to genuine websites, they afford a high level of security against many types of phishing attacks. They also increase the general level of security of a charity by making it easy to manage and use different passwords for different accounts. 

Examples of password managers include: 

LastPass 

1Password 

Dashlane 

 

4.) General security appliance for convenient cyber-security protection 

Large enterprises use a variety of security systems including firewalls, data traffic filterers, malware detection, and intrusion prevention and detection systems to protect themselves from cyber criminals. But these systems are complex to install and manage and require an IT security team to manage and update them. 

An effective alternative for charities and smaller organizations of all kinds is an all-in-one security appliance, also known as a Unified Threat Management appliance or UTM. This is a single device that can be plugged into the organization’s computer network to provide all of these security functions. Security appliances are designed to be easy to manage and can usually update themselves automatically.  

Most security appliances provide a basic level of security features, but other security features can be enabled for an annual subscription if required.  

Examples of security appliances include: 

Cisco ASA 5506-X Security Appliance * 

Sophos XG106 Security Appliance 

Zscaler (cloud-based UTM service)