Phone icon
Menu icon
Professional insurance
with a personal touch
We're open as usual
0345 222 5391
Mon-Fri, 9am-5pm, local rate & mobile friendly

Cyber security for small charities: new guide to staying safe


State aid

When the government gets involved, it’s usually a sign that things are serious.

So, the fact GCHQ has put together a cyber security guide just for small charities should set alarm bells ringing. It means it’s sufficiently worried about the sector’s vulnerability to cybercrime to single it out for special help.

GCHQ says its research reveals many small charities don’t see themselves as a target for cybercriminals. It suggests the problem lies partly with their innate culture of trust, which lulls them into thinking they’ll stay out of the line of fire.

Add to that an underlying lack of digital awareness, and the curse of limited resources, and you’ve got the perfect environment for hackers to thrive in…and for small charities to come off worse.

Fair game

But make no mistake. The fact you’re a charity doing good things means zilch to a cybercriminal. They’re solely focused on converting denial of service attacks and stolen data into hard cash – and they’re really not picky about who they prey on.

In fact, you could argue that being a charity makes you even more of a target. Personal info is like gold dust to cyber criminals. And they’re well aware charities store data and financial details for their supporters, beneficiaries and volunteers.

If that digital data is then stolen and used by criminals for identity theft and fraud, it can unleash claims for compensation from everyone affected. That means lawyers, legal fees and payouts, so never a cheap exercise.

It can also put you in trouble with the regulator and spark an investigation if they suspect you haven’t done all you should to protect the data. Not forgetting that a data breach can put a big dent your charity’s reputation – which can have a knock-on effect on donations.

Cyber-attacks can be devastating in other ways too. For instance, your data or network might be held to ransom for the kind of sum that will empty your coffers. Your website might be taken down. Or your systems might be infected with malware, meaning you can’t operate.

Wake-up call

All these are good reasons why it’s important to prevent cyber-attacks in the first place if at all possible. It’s also why GCHQ has brought out its guide, in a bid to make small charities wake up to the reality of cybercrime.

In it, it spells out five key steps small charities can take to boost their chances of avoiding or at least surviving an attack:

  1. Back up data
  2. Protect against malware
  3. Make remote devices like laptops secure
  4. Use strong passwords
  5. Be alert to phishing

All sound advice, of course. But the reality is, even if you do everything you’re advised to, hackers are devilishly devious. They’re usually one step ahead of the game, and sometimes even your best efforts won’t be enough to ward them off.

Recovery position

But even if you can’t always prevent an attack, you can at least do the next best thing and be ready for one. That means having a plan to start dealing with the fallout straightaway. And to get back on your feet as quickly as possible

The trouble is, that fallout might include repairing your systems, resurrecting your website, paying ransoms or fielding compensation claims. It might also mean an investigation by the regulator, or dealing with the fact your treasurer has fallen for a phishing email and transferred £thousands to a bogus account.

Not so straightforward then. And a good reason for small charities to think about having cyber insurance as back-up. Because while it can’t stop you from being a victim of cybercrime, it can stop you being the sort of victim that never recovers.

That’s because cyber insurance provides the financial clout and expertise you need to get back up and running quickly. It pays to fix systems, restore data and deal with investigations. On top of that, it covers ransoms, legal costs, compensation and lost revenue. It also provides vital crisis PR.

Sitting ducks?

If GCHQ is worried about small charities providing easy pickings for cybercriminals, you should be too. It’s a sure sign that it’s time to take action. Reading the cyber-attack prevention strategies outlined in their guide is a good place to start. Cyber insurance is perhaps the best place to finish.

Click on the image to view GCHQ's infographic highlighting 5 things small charities can do to combat cyber-attacks.

If you liked this, you might like thesethis...

Why going digital is the new way forward for charities and community groups
Email, social media & digital fundraising are more vital than ever for charities in these days of the pandemic. But how do you get it right?
Online help and resources to help you run your charity or not-for-profit better
Directory of helpful online resources for charities and not-for-profits in essential areas like fundraising, governance, GDPR, volunteers, H&S, and more.
How can charities bridge the funding gap during coronavirus?
Charities are more in demand than ever as we battle the coronavirus pandemic. But their funding has been hit hard. Here's some help with plugging the gaps.

More Advice, News & Know-how

Sign up to being prepared and protected

Get reliable advice on protecting and fine-tuning your business or charity sent straight to your inbox. Plus, receive other occasional bits we think you'll enjoy, like competitions and offers. We promise not to swamp you, and you can unsubscribe easily.

Sign me up