How to keep your charity safe from cyber-crime in 2019

We caught up with our Security Threat Intelligence Analyst, Martin Giles, on how you can keep your charity safe from cyber-crime. Plus he shared where you can find useful resources to assess where the risks are, and how you can protect your charity against them.

In a digital world where we rely heavily on data, cyber-attacks are becoming an even bigger risk, and in 2018, over one in five charities fell victim to them. The good news is there’s lots you can do to keep your charity safe. We’ve rounded up our top tips and resources from the National Cyber Security Centre and the Charities Aid Foundation.

For starters, check out the National Cyber Security Centre’s Small Charity Guide to keep your charity safe without breaking the bank – or needing an IT whizz.

Get the basics right

Luckily most attacks are easily preventable.

If you patch your software against known viruses and create strong passwords – making sure not to use the same ones for multiple logins – you can easily prevent most attacks.

Back up and protect your data

You can protect yourself from ransomware attacks by backing up your data regularly.

Recently there’s been an increase in attacks in ransomware that remove systems and demand a ransom to retrieve them, and data breaches which could risk losing information vital to your charity. If you back up and protect your data, you can avoid losing years of your supporters’ records, reputational damage and fines from the ICO.

Only open emails from people you know and trust

Making sure that emails you receive are from trusted sources is a great way to keep your charity safe.

There’s recently been an increasing risk of phishing emails, where fraudsters try to access sensitive information, particularly through malicious links. This type of fraud is often successful because it relies on the goodwill assumption that people are getting in touch because they genuinely want to support your charity. You can protect your charity by always checking the sender’s email address and whether you know and trust that person.

Only trust people you know, even if they know you

It pays to be extra cautious when it comes to emails you receive.

Sophisticated fraudsters can now try to use your information to make them seem more trustworthy. If an email contains your personal details, it doesn’t necessarily mean it’s from a safe sender. They might have found your information through a cyber-attack on another site you use.

Charities Aid Foundation has some important guidance on the types of threats you need to be aware of and how to keep yourself safe.

Arm yourself with training

You can break down cyber security into easily manageable chunks with NCSC’s resources and training.

In early 2019 they’ll be publishing a brand new toolkit to help you have the right conversations about protecting your charity. Plus they’re launching a free e-learning package for staff and volunteers, so everyone can feel confident, no matter their role.

Nominate a cyber security expert

Not everyone is an IT whizz – sometimes you need an expert to know you’re in safe hands.

Choose your dedicated cyber security expert to help protect you. Plus you can make sure they have all the knowledge they need from NCSC’s GCHQ certified training courses.

Your data is safe with us

Here at Virgin Money Giving we take cyber security very seriously and being part of Virgin Money means our security and systems all meet approved banking standards.

Further reading

Assess which risks your charity is exposed to and how to stay safe using NCSC’s Cyber Threat Assessment: UK Charity Sector and Advice to thwart ‘devastating’ cyber-attacks on small charities.

Take five to stop fraud and find out how to keep you and employees safe.

If you’ve been a victim of fraud or cyber-crime, report to it Action Fraud online or by calling 0300 123 2040.


Four charity cyber security trends for 2019