The top 5 cyber security threats impacting charities and how to reduce your risks


The recently published Cyber Security Breaches Survey 2022 has revealed that almost a third (30%) of charities experienced a cyber security breach or attack in the last 12 months. In this article, we’ll detail the most common types of cyber-attacks impacting charities and outline some practical actions you can take to reduce the chances of your organisation becoming the next victim.

The most common types of charity cyber-attacks

By some distance, the top cyber security threat experienced by charities in the past year was phishing. This is when attackers try to trick a user into clicking a malicious link, typically sent via a text message or email. When clicked, the link can install malware or take the user to a fake website where they are encouraged to enter personal details, which can then enable the attacker to gain access to their – and potentially your charity’s – accounts and systems. This is a huge problem: 87% of the charities that reported a cyber breach in the past 12 months stated that at least one of the attacks was phishing based.

Other common types of cyber-attack were: viruses, spyware or malware; hacking, or attempted hacking, of bank accounts; other attempts to impersonate the organisation via emails or online; and, finally, the takeover of the organisation’s or a user’s accounts via a hack.

The impacts of these cyber breaches were many and varied, including: money being stolen; reputational damage; the organisation’s website and other online services being taken down; a temporary loss of access to files or networks which stopped staff carrying out their work; systems and software being corrupted; and accounts being compromised. How would your organisation cope if it experienced any of these?

5 practical steps your charity can take to reduce the risk

Cyber security can seem an overwhelmingly complex area, with threats continually evolving and becoming more sophisticated. We know this can make it tough to know where to get started. To help, we’ve highlighted some useful tips and resources to read below.

1. Increase cyber security awareness amongst all staff

Cyber security isn’t just the responsibility of the IT department. Most cyber breaches occur as a result of phishing emails sent to employees, so every member of staff is effectively on the front line. Do you think your staff would be able to spot these increasingly authentic-looking messages, every time?

Unfortunately, only 19% of charities have provided staff with cyber security training in the past year. This means the vast majority of charity staff lack the knowledge they need to help protect their organisations.

It’s essential that all of your staff receive regular cyber security training, to ensure they are aware of the latest threats and how to identify them. This should be seen as an ongoing task rather than a one-off training session.

2. Make two-factor authentication essential

Two-factor authentication (also sometimes known as multi-factor authentication) is where a user has to produce more than one piece of proof that they are who they say they are when logging in. You’ve probably done this yourself with your personal email, or another online service. For example, you can opt to receive a text message the first time you attempt to log in on a new device, with the phone acting as secondary proof that you are a legitimate user.

If this relatively simple method is enforced across all of your systems and online services – combined with making users set strong passwords – many cyber-criminals’ efforts will be thwarted at the first hurdle. Unfortunately, less than a third (31%) of charities actually do this currently.

3. Make full use of the available government support

The National Cyber Security Centre has a number of useful cyber security initiatives and resources that charities should take advantage of, in particular the 10 Steps to Cyber Security and the Small Charity Cyber Security Guide. These give clear guidance and practical advice on how organisations can protect themselves against many cyber threats. They include tips on protecting your charity from malware, backing up your data and avoiding phishing attacks.

It’s also worth considering completing the government-backed Cyber Essentials scheme. This will help you understand and reduce your vulnerability to the most common cyber-attacks.

4. How safe are your suppliers?

A common way that cyber criminals attempt to breach an organisation’s systems is via third-party suppliers. This means your data and systems are only ever as safe as your weakest supplier’s cyber security programme. Just 9% of charities have proactively taken steps to review the cyber security risks posed by their suppliers. Do you know what precautions your key suppliers take to protect their, and possibly your, data? Have they implemented two-factor authentication or other basic security measures? It’s worth taking the time to find out, before their weaknesses are exploited at your organisation’s expense.

5. Protect your charity with specialist cyber insurance

Despite the ever-increasing number and complexity of cyber-attacks, only just over a quarter of charities (27%) have taken out Charity Cyber Insurance.

Cyber-attacks can prove costly and disruptive. A specialist cyber insurance policy can help give you the expert support you need if the worst happens. It won’t just cover your financial losses; it will also give you access to cyber security experts who can help to recover your systems and help you understand what caused the breach, so you’re protected in the future. It can also provide you with access to legal support.

As experienced Charity Insurance brokers, WRS Insurance Brokers can help you find the right Cyber Insurance for your charity. Get in touch with our impartial, ethical team to discuss your organisation’s needs and request a quote.