Charities are at an increased risk of cyber-attacks and scams—mainly due to their typically limited resources, and their reliance on volunteers who may not have adequate technical education or experience in dealing with digital security issues.
Cybercriminals target charities because they rightly suspect that such organisations may have weaker digital security protocols. They figure that, by their very nature, charities are unlikely to have the funds to pay for expensive firewalls and protection.
Smaller charities in particular, which make up around 95% of the UK’s third sector, rarely have the luxury of state-of-the-art cybersecurity measures. Their budgets are typically focused on carrying out their mission and supporting those in need. This leaves them vulnerable to attacks from cybercriminals, who are becoming increasingly sophisticated in their methods of infiltration and fraud.
One common way cybercriminals target charities is through phishing emails. These emails may look like any other, but they’re designed to trick the recipient into clicking on a link or downloading an attachment that contains malware or spyware. Once this happens, the hacker can gain access to the charity's network and steal sensitive information (including financial info) or plant viruses.
Another element from which charities are vulnerable to cyber-attacks is the use of weak passwords or a lack of two-factor authentication. Most small charities attract older volunteers as, being retired, they commonly have spare time to donate to their favourite cause. It’s likely that older people will not be as familiar with best practices in cybersecurity, nor may they realise the importance of creating strong passwords/enhanced authentication to prevent unauthorised access to the charity’s accounts. They may also be unaware of the importance of backing up data on the devices they use.
Charities are also at greater risk of ransomware attacks. This is where cybercriminals use malicious software to encrypt a charity's data, which they render inaccessible until the organisation pays a ransom. This can be devastating for charities that rely on their data to carry out their work. It may result in lost donations, compromised donor information, and damage to the charity's reputation.
To combat these threats, charities should take steps to improve their digital security. This could include investing in more robust cybersecurity measures—such as firewalls and anti-virus software—as well as implementing regular staff training on best practices in cybersecurity.
Charities can also ask cybersecurity experts to conduct regular vulnerability assessments on their organisation. This practice can identify areas of weakness in their digital security and protocols. Once highlighted, the charity can then take proactive measures to address these vulnerabilities, which will ultimately reduce the risk of cyber-attacks.
Digital security may not be a core cost that charities place much importance on. However, considering the fallout and implications that could arise from a breach of their digital security, they should ask their benefactors for donations towards improved digital security measures. This could be in the form of a dedicated fund for the organisation’s cybersecurity or a partnership with a cybersecurity company that is happy to provide discounted services to organisations working in the third sector.
As an entity that only works to improve the good in the world, charities can be forgiven for forgetting that it contains people who have no qualms about hurting others or causing them problems. It’s important that they think of their good cause as any other business, and work to protect its assets and information, both physical and digital.
As organisations that will rarely have a dedicated cyber-crime-fighting department, small charities will likely outsource their security and protection to a third party. Knowing this, there may be a higher number of fraudulent and bogus companies offering a solution from cyber-criminals, yet they could be cyber-criminals themselves, taking advantage of vulnerable good causes! Therefore, check out anyone you’re thinking of using in this regard; speak to other organisations they’ve worked with, don’t just believe their online ratings and reviews.
Given that charities try to combat issues that can be sensitive or political in nature, they could also (unknowingly) attract activists. Cyber-attacks could therefore stem from a vendetta against the cause you’re trying to ease, eradicate or publicise. Again, robust digital security will help protect your organisation against anyone targeting it.
It’s a sad fact that those with no morals would stoop so low as to go after people trying to do good in the world, but it’s not a surprise either. Criminals don’t care about anyone else, nor the damage they leave in their wake. And because they have no qualms about stealing from the vulnerable, charitable organisations should take extra care when it comes to the security of their data, their systems and their finances.