When the government gets involved, it’s usually a sign that things are serious.
So, the fact GCHQ has put together a cyber security guide just for small charities should set alarm bells ringing. It means it’s sufficiently worried about the sector’s vulnerability to cybercrime to single it out for special help.
GCHQ says its research reveals many small charities don’t see themselves as a target for cybercriminals. It suggests the problem lies partly with their innate culture of trust, which lulls them into thinking they’ll stay out of the line of fire.
Add to that an underlying lack of digital awareness, and the curse of limited resources, and you’ve got the perfect environment for hackers to thrive in…and for small charities to come off worse.
But make no mistake. The fact you’re a charity doing good things means zilch to a cybercriminal. They’re solely focused on converting denial of service attacks and stolen data into hard cash – and they’re really not picky about who they prey on.
In fact, you could argue that being a charity makes you even more of a target. Personal info is like gold dust to cyber criminals. And they’re well aware charities store data and financial details for their supporters, beneficiaries and volunteers.
If that digital data is then stolen and used by criminals for identity theft and fraud, it can unleash claims for compensation from everyone affected. That means lawyers, legal fees and payouts, so never a cheap exercise.
It can also put you in trouble with the regulator and spark an investigation if they suspect you haven’t done all you should to protect the data. Not forgetting that a data breach can put a big dent your charity’s reputation – which can have a knock-on effect on donations.
Cyber-attacks can be devastating in other ways too. For instance, your data or network might be held to ransom for the kind of sum that will empty your coffers. Your website might be taken down. Or your systems might be infected with malware, meaning you can’t operate.
All these are good reasons why it’s important to prevent cyber-attacks in the first place if at all possible. It’s also why GCHQ has brought out its guide, in a bid to make small charities wake up to the reality of cybercrime.
In it, it spells out five key steps small charities can take to boost their chances of avoiding or at least surviving an attack:
- Back up data
- Protect against malware
- Make remote devices like laptops secure
- Use strong passwords
- Be alert to phishing
All sound advice, of course. But the reality is, even if you do everything you’re advised to, hackers are devilishly devious. They’re usually one step ahead of the game, and sometimes even your best efforts won’t be enough to ward them off.
But even if you can’t always prevent an attack, you can at least do the next best thing and be ready for one. That means having a plan to start dealing with the fallout straightaway. And to get back on your feet as quickly as possible
The trouble is, that fallout might include repairing your systems, resurrecting your website, paying ransoms or fielding compensation claims. It might also mean an investigation by the regulator, or dealing with the fact your treasurer has fallen for a phishing email and transferred £thousands to a bogus account.
Not so straightforward then. And a good reason for small charities to think about having cyber insurance as back-up. Because while it can’t stop you from being a victim of cybercrime, it can stop you being the sort of victim that never recovers.
That’s because cyber insurance provides the financial clout and expertise you need to get back up and running quickly. It pays to fix systems, restore data and deal with investigations. On top of that, it covers ransoms, legal costs, compensation and lost revenue. It also provides vital crisis PR.
If GCHQ is worried about small charities providing easy pickings for cybercriminals, you should be too. It’s a sure sign that it’s time to take action. Reading the cyber-attack prevention strategies outlined in their guide is a good place to start. Cyber insurance is perhaps the best place to finish.
Click on the image to view GCHQ's infographic highlighting 5 things small charities can do to combat cyber-attacks.cyber liability insurancemanaging risk