National Cyber Security Centre publishes cyber threat assessment for charity sector
- Culture of openness makes small charities more vulnerable to cyber fraud and extortion
- Charities falling victim to a range of attacks with potentially devastating consequences
- Accompanying guidance will help protect charities from common types of cyber crime
DEVIOUS tricks to defraud small charities through online attacks have been exposed in the first ever threat assessment for the sector, along with guidance about how to defend against possible risks.
The pioneering work has been created by the National Cyber Security Centre (NCSC), a part of GCHQ, to help those in the sector defend themselves from the most common cyber attacks.
There are almost 200,000 charities registered in the UK and the NCSC’sCyber Threat Assessment reveals how their valuable funds, supporter details and information on beneficiaries is being targeted.
Alongside the assessment, the NCSC has also published the Small Charity Guide to outline easy and low-cost steps to protect from attacks. It includes expert advice focused on backing-up data, using strong passwords, protecting against malware, keeping devices safe and avoiding phishing attacks.
While the assessment relates to all charities, the guidance is particularly useful to smaller organisations who are more vulnerable due to having incomes of less than £1 million per year.
Alison Whitney, Director for Engagement at the NCSC, said:
“The National Cyber Security Centre is committed to supporting charities and we strongly encourage the sector to implement the advice outlined in our guide.
“Cyber attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat.
“That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets, and reputation.”
The report finds that cyber criminals motivated by financial gain are likely to pose the most serious threat, which could have a paralysing effect on a small charity’s ability to deliver their services. One example listed details how a UK charity lost £13,000 after its CEO’s emails were hacked to send a fraudulent message instructing their financial manager to release the funds.
The assessment notes that the scale of cyber attacks against charities is unclear due to under-reporting and charities are being urged to report such crimes to Action Fraud and the Charity Commission.
Charities have also been encouraged to join the NCSC’s free Cyber Information Sharing Platform (CiSP) to exchange threat information in a secure and confidential environment.
The assessment and report have been well received by the sector, with heads of influential bodies praising the NCSC’s work.
Helen Stephenson Chief Executive of the Charity Commission for England and Wales, said:
“We fully endorse the National Cyber Security Centre’s guide on cyber security for charities. This will be a valuable resource to help charities protect their work, beneficiaries, funds and reputations from harm and we encourage charities of all sizes to make use of it.”
Pauline Broomhead CBE – CEO, Foundation for Social Improvement, said:
“This guide will give leaders in smaller charities confidence that they are taking the necessary steps to protect their charity. It is an excellent guide and we intend to make sure our members are fully aware of the valuable information it contains.”
Sir Stuart Etherington – CEO, National Council of Voluntary Organisations (NCVO), said:
“Awareness and knowledge about cyber security continue to differ among charities, but it is important that all charities protect the data they hold from cyber crime. That is why this guide for charities is so welcome – it will help trustees and those working in charities understand what the threats are, and what steps they need to take to minimise the risk of a cyber attack.
Mandy Johnson, CEO of the Small Charities Coalition, said:
“The Small Charities Coalition welcomes this initiative by the National Cyber Security Centre. As a Coalition we are proactively encouraging small charities to make more use of digital technology, so the timing of this guidance is especially helpful.”
The UK Government is fully committed to defending against cyber threats and address the cyber skills gap to develop and grow talent. Its behavioural change campaign for cyber security, Cyber Aware, promotes simple measures to stay more secure online.
The Cyber Aware Perceptions Gap Report has also been published today, demonstrating common misconceptions that are preventing people from protecting their online security.