Cybersecurity for Charities: Why It Matters More Than Ever

We know that every Norfolk charity wants to make a difference, offer support and change lives. But in an ever-increasingly digital world, there’s a growing threat that could undermine all that good work: cybercrime.

A recent report has revealed that nearly one in three charities experienced a cybersecurity breach or attack in the past year. That’s a sobering statistic. And while it might feel like cybersecurity is something only big corporations need to worry about, the reality is very different. Small charities are just as vulnerable — sometimes even more so. We have noticed an uptick in the number of phishing scams about at the moment, and know that some local charities have been compromised recently.

For many smaller charities, IT and data security can feel overwhelming, complicated, and maybe even a bit irrelevant. After all, the focus is (rightly) on helping people, not on navigating firewalls and passwords. We spoke to James Holden, a cyber security expert who offers his professional time through Norfolk Community Foundation’s Skills Exchange programme (part of Good for Good) to local charities.

James offered us some of his insights:

“Being secure starts with getting the basics right and making it hard for a baddie (a “Threat Actor” in security parlance) from exploiting the hard fought donations/grants and human kindness that embodies your team.

With modern technology, impersonating a person in critical need of your help or a wealthy benefactor is made simple and convincing – whether it is writing an email, spoofing a video or even a digital deep fake persona impersonating your CFO to request a transfer of money. It’s all happening now and it is how engineering firm ARUP lost £20m.

So what are some of the basics?

Using your phone to validate your ID with “two-factor authentication” (2FA) or “multi-factor authentication” (MFA).
Check your routers / firewalls default passwords changed and phone validation enabled.
Keep your network simple and clean. Keep devices connected to a minimum by having a separate guest network.
Deploy free monitoring of your internet connections.

In case you are unaware, Police CyberAlarm is a free-to-use service that provides gateway security monitoring and vulnerability scanning services that result in regular reports on your cyber security. Further information on the service in general can be found via the scheme website.

For more useful tips on cybersecurity bookmark the Police-led Eastern Counties Cyber Resilience Initiative which has helpful advice such as the ‘little steps’ program to get you started.”