Over the past 24 months, 5.8 million incidents of cyber-crime have been reported across the UK.
Of these, 2.4 million relate to bank account or credit card fraud, 1.3 million to computer virus attacks and 650,000 to the hacking of email, social media or other forms of account.
The cost to the UK economy is widely estimated at 195 billion per year, with 1 in 10 adults having been targeted.
Charities are seen as particularly vulnerable. Like most other nationals, they can hold vast amounts of supporter and donor information.
So what can charities do to protect themselves?
Top tips for preventing cyber-crime:
To reduce risk, Charity financials suggest that charities should review their technology systems and ensure they have current software, firewalls and security systems installed. As the Charity Commission[iv] suggests, they should always install software updates as soon as they become available, as these will often include fixes for critical security vulnerabilities.
Charities should also make regular backups of important files, using an external hard drive, memory stick or online storage provider, and ensure the backup device is not left connected to the network, so that a malware infection cannot spread to it. Should they experience an attack, they will have retained most of their data. While charities operate on tight budgets, it’s important their technology is kept as up to date as possible. The older the technology, the more open charities are to security risks, so this must be weighed up against the costs. The costs aren’t just financial either. The loss of trust if donor and stakeholder details are compromised could take a long time to recover from.
Education and awareness:
Charity financials argue that education is paramount in the fight against cyber-crime. While many high-profile cyber-crimes come from hackers breaching security systems, many organisations find their own employees are often the root cause of security breaches. Employees must be given advice about not clicking on emails or links they are unsure about.
This is one of the main ways computer viruses spread, so making sure everyone understands this is essential.
Raising awareness amongst staff of the common cons used to commit cyber-crime is one of the most important preventative measures and something all charities should be doing.
Other controls charities should include to minimise risk are regular requirements for password changes, as well as monitoring and reviewing which staff have access to data, ensuring access to sensitive data is only given to those whose job requires it.
Developing a policy about the use of personal devices at work is also necessary. With employees increasingly using smartphones and tablets in the workplace to access company data, this can compromise data security. This needs to be managed and perhaps restricted if it’s felt to be too much of a risk.
When it comes to managing fraud specifically, charities must ensure they verify all changes to key contacts and that important instructions, including changes to payments, bank details and addresses, are made in writing and followed up by a phone call to the contact. Again, this is something all employees need to be made aware of and ensure they follow.
Whilst no charity can ensure they will be 100% safe, these are just some of the ways charities can protect themselves and prevent themselves being targets of fraud and cyber-crime. Mitigating the risks from cyber-crime within a well-thought-out risk framework is crucial in today’s technology-led world and something that must be fully embedded into the workplace culture.
Take a look at the Little Book of Cyber-Scams here: