Last year over one in five UK charities (22%) experienced a cyber security breach, with almost 40% of those experiencing breaches as often as once a month. It is clear that when it comes to cyber-attacks, charities are no exception. A key risk for charities lies in the amount of personal data that they process which, in many cases, is also considered sensitive or ‘special category’ data. Loss or theft of this kind of data can have serious implications under GDPR and, post-Brexit, the Data Protection Act 2018. Time and productivity can also be lost in the event of a breach, as staff may be unable to work or may have to spend time helping to deal with the situation. On top of this, there is also the potential reputational damage, which can have a massive impact on the performance of charities that rely on trust.
The kinds of threats that charities are facing aren’t usually too sophisticated. A lot of cyber-attacks rely on exploiting people and manipulating them through methods such as phishing in order to defraud their victims. Charities rely on people getting in touch with them and supporting them, and so tend to provide an ideal target which is more trusting when it comes to inputting account information. Phishing is the most common form of cyber-attack, and the number of phishing attacks actually increased over 2018. It is a low-skilled attack that is popular due to the minimal amount of effort required to carry it out alongside potentially high rewards.
Fortunately, there are new resources becoming available to charities free of charge. The government’s National Cyber Security Centre (NCSC) has created a wealth of resources, including toolkits for boards and trustees, to help charitable organisations gain the insight that they need to protect themselves. They aim to break down some of the myths surrounding cyber security and provide easily accessible content that can be understood by everyone, raising the overall level of security across all charities and businesses. By following their 10 steps to cyber security, organisations can help negate up to 80% of common cyber-attacks against them. There are also accreditations such as Cyber Essentials (a government-backed scheme) that are designed to assess the application of cyber security controls in an easy-to-follow framework. This allows organisations both to ensure that they maintain a high standard when it comes to protecting data and to showcase this to others, which can help to build trust.
At PKF Francis Clark, we have worked with businesses and charities alike to deliver both training and technical support for cyber security. Keeping your people up to date can be just as critical as keeping your systems up to date, as they are the gatekeepers when it comes to attacks like phishing. Cyber security can, at times, seem overwhelming, with new incidents appearing on the news almost as part of the daily routine. If you have any concerns regarding cyber security or data protection, please feel free to get in touch with us for a chat at firstname.lastname@example.org. We’d be happy to help.