Rhodri Jones, Head of Digital Services at WCVA, and Elis Power at TARIAN Regional Cyber Crime Unit, outline why voluntary organisations should be wary of cyber-attacks and what they can do to prevent them.
Did you know that almost a quarter of charities reported having experienced a cybersecurity breach or attack in 2020, with a fifth of these charities experiencing a breach at least once a week? With cyber-attacks on the rise, and the nature of these attacks constantly changing, how can you keep your data, assets, staff and reputation safe?
We hear more and more about organisations falling victim to cyber-attacks – and I’m sure we all remind our employees to be mindful regarding the opening of suspicious emails or clicking on links they shouldn’t.
Recent benchmarking has shown that around 20% of employees open links that they shouldn’t, and phishing is the number one cause of cybersecurity breaches, being linked to 90% of incidents. Chief Executives and Finance Directors are key targets for criminal activity, but any of your employees can be the weak link in your IT security.
The first step is awareness. The terminology used within cybersecurity and cybercrime can sometimes seem like an alien language which, without a translator, can be overwhelming. There is also a tendency to assume that cybersecurity and cybercrime are the sole responsibility of an IT department since they involve computers.
However, it is not just the IT department interacting with your charity’s computers, devices, and data. And it only takes one person clicking on a malicious email for a door to be opened to a cybercriminal. In fact, studies have shown that 90% of cybercrime occurs because of human error. So cyber is, in fact, everyone’s responsibility, from volunteers and staff through to senior management and trustees.
And taking responsibility is easy once the individuals within your charity understand the risks, and the simple steps which they can take to protect themselves and the organisation.
So how do you know how your organisation stacks up?
OUR PHISHING TRIP
In January, WCVA, working closely with TARIAN, the Regional Organised Crime Unit and Not2Phish, ran an exercise which simulated a phishing attack against WCVA Staff.
In the planning stages we made sure that WCVA systems would allow the phishing emails through and ran a campaign to educate staff on what they should do in the event of receiving such an email. The planning by Not2Phish was both professional and meticulous, and only a couple of key WCVA Staff knew the full details of the exercise.
On the day of the exercise an email from a fictitious address with a link to ‘Coronavirus information’ was sent to all staff, and those clicking on the link were taken to a Not2Phish holding page. On this occasion only 10% clicked on the link, below the benchmark figure but still quite a risk.
Those 10% were registered on to a Not2Phish online training package to enhance their knowledge so that, hopefully, the next time, when it’s not an exercise, they will be more careful. Post exercise, we reported the results at one of our weekly staff meetings and TARIAN also ran an online Cyber Security awareness webinar for all our staff.
RUN YOUR OWN PHISHING EXERCISE
The Not2Phish platform is an affordable phishing simulation and training platform funded by the Welsh Government and powered by the University of South Wales.
TARIAN Regional Cyber Crime Unit (RCCU) work across all levels to increase awareness and confidence around cybercrime, with presentations and exercises, all delivered in a straightforward and engaging way.
Everything TARIAN offers is part funded by the Home Office, Welsh Government and the three Southern Wales Police Forces, and intended to better protect the organisations and communities of Southern Wales. Their services are fully funded and will not cost you anything, other than some of your time – which could potentially be the difference between a successful cyberattack, and business as usual.
For more information on how TARIAN can help your charity or voluntary organisation, please do get in touch with the team today: RCCUfirstname.lastname@example.org