In this blog Siân Eagar, WCVA’s Resilience Officer, shares some learning from Charity Fraud Awareness Week to help voluntary organisations improve their cyber security.
UNDERSTAND THE NEED FOR ACTION
During Charity Fraud Awareness Week 2022 (17-21 October) the Charity Commission issued a stark warning to charities that they must not underestimate the threat of online fraud. A recent survey of charities in England and Wales, undertaken on behalf of the Charity Commission, revealed
- one in eight charities (12%) had experienced cybercrime in the past 12 months
- only around 24% had a policy to manage the risks
- only around half (55%) of charities reported that cyber security was a fairly or very high priority in their organisation.
Concerns about the voluntary sector’s vulnerability to cybercrime have increased given that, since the pandemic, many voluntary organisations have developed a greater digital footprint by moving fundraising and day to day operations online.
THE GOOD NEWS – SIMPLE STEPS MAKE ALL THE DIFFERENCE
There was good news from North Wales Police Cybercrime Team at a recent WCVA webinar – you don’t need to be a computer expert to avoid being a victim of cybercrime!
Developing a few good online habits drastically reduces your chances of becoming a victim, makes you less vulnerable and lets you use the web safely. Here are five easy tips that you can put into action at your organisation:
1. Passwords – strengthen your passwords and avoid using generic or predictable words or numbers. It’s recommended that your passwords should be made up of three unconnected words eg ‘fishbooktable’, and think of three different words for each account, so if one is compromised the others are safe.
2. Two-factor authentication – if it’s available switch it on! With two-factor authentication, also called 2-Step Verification, you can add an extra layer of security to your account in case your password is stolen. This is recommended for all online accounts including social media.
3. Update your software and apps – if you receive a prompt to update your device (or apps), don’t ignore it. Applying these updates is one of the most important (and quickest) things you can do to keep yourself safe online as updates include protection from viruses and other kinds of malware. You should also turn on ‘automatic updates’ in your device’s settings, if available. This will mean you do not have to remember to apply updates.
4. Back up your data – ransomware is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless they pay a ransom.
Regularly back up all your documents in at least one other place to minimise the risk of losing everything if you get a ransomware virus. You can back up data onto a USB stick, an external hard drive or a cloud server. Remember to test your system and make sure that you are backing up everything you need.
5. Think about how you operate – fraudsters rely on people working under pressure, not checking information and making mistakes. Consider ways that someone might target your organisation, and make sure your staff all understand normal ways of working (especially regarding interaction with other organisations), so that they’re better equipped to spot requests that are out of the ordinary.
Make sure staff and volunteers know what to do with unusual requests, and where to get help. As an example – payment diversion fraud is on the increase, so having a process in place to check a change of bank details for a supplier is a good idea.
MORE GOOD NEWS – HELP IS AVAILABLE
Voluntary organisations can access help through the Cyber Resilience Centre for Wales, a police led not-for profit organisation that offers a range of services and advice. The Cyber Resilience Centre for Wales works with the all Wales Police Cybercrime teams to increase awareness of the current cybercrime threat and support organisations in taking steps to protect themselves.
You can visit their website for resources to improve your practice and find information on their awareness training, membership scheme and services for organisations.
After hearing from the experts from the Cyber Resilience Centre for Wales and North Wales Cybercrime Team it’s clear that cybercrime is serious threat to voluntary organisations but one that we have the power to lessen.
Whilst voluntary organisations will always be a target for online fraudsters, by taking simple steps to increase awareness amongst staff and volunteers and developing good online habits you can make sure that your organisation doesn’t become the next victim.
USEFUL LINKS
Cyber Resilience Centre for Wales
Action Fraud (to report incidents of cybercrime)
FREE ONLINE SESSION
On 24 November 2022 Business in the Community are running a free online event – Prioritising Cybersecurity and Managing Cyber Risks for Not-for-Profits.