Cyber Security tips for small charities
In the past, many small charities believed that they were unlikely to be targeted by hackers, based purely on their size and revenue. However, they have since realised that they are prime targets, because many of these charities do not have sufficient protection in place and have limited in-house technical knowledge. Of course, working with an IT support provider that understands the sector and offers a range of solutions to bolster security is key to giving you every chance of avoiding being a victim of cybercrime. But if your charity does not currently have this support, what steps can you take to protect your organisation?
1. Back up your data – Taking regular backups of important data is vital to ensure your charity can still function in the event of a disaster, including fire, flood and cyber-attack. Keep your backups separate and consider a cloud backup solution.
2. Malware Protection – Malware refers to any malicious software. To help protect your data and systems, you should have the following in place:
- Antivirus software – Sounds obvious, but once installed, it should be kept up to date to offer protection against emerging threats. It is a good idea to have automatic updates switched on.
- Firewalls – These create a buffer between your organisation’s devices, network and the internet. Many popular systems include these free of charge but you must make sure they are turned on.
- External Apps – Prevent users downloading and installing external apps by updating administrator permissions. Staff should have to ask for permission to install any applications.
- Keep OS up to date – Your operating systems should be kept up to date, as the updates include security fixes. The easiest systems to hack are out-of-date operating systems, and hackers are constantly looking for organisations that are slow to update.
3. Passwords (Best practice) – Switch on password protection and be sure to update any default passwords. The NCSC recommends symbols and numbers. For example: W@keUpCoffee!#1
Use two-factor authentication (2FA) where possible. I am sure you will have seen many services using this, including Gmail when you log in from a different device. We strongly recommend that, if you are using MS365, you implement this across your organisation’s MS365 accounts. There are different types of authentication available, which can prevent up to 99.9% of account attacks. Check out this Microsoft article.
4. Protect mobile devices – People using mobile devices to access emails and other work documents pose a huge risk to organisations. How many members of staff download sensitive data onto a tablet or smartphone? It’s a safe bet that it happens on a daily basis and yet many of these devices are unprotected. Because mobile devices are easier to lose (or have stolen), the first step should be to switch on password protection and enable location services, so the location of the device is visible. It is also important that devices are kept up to date with the latest software version.
We would recommend that any mobile device which accesses company information, including emails, is enrolled onto mobile device management software such as IBM MaaS360. Visit – IBM MDM
5. Phishing attacks – There has been a huge increase in the number of phishing emails being sent to charities and with 95% of breaches being a result of user error, it is important to educate your staff, so they know what to look out for. Phishing emails have become very sophisticated and are often difficult to spot. However, investing in an effective spam filter is one way to reduce the number of emails hitting inboxes and we have found SpamHero to be very effective.
Cyber security awareness training is something more organisations are embracing, and Webroot offers low-cost online training for charities. The training should involve phishing simulation, monitoring click rate and then attaching relevant online security awareness training. This should be done at least every three months to keep staff on their toes. More information is available HERE.
As you can see, there is a great deal to consider, and these five tips only touch the surface. Organisations should have a multi-layered approach to cyber security, starting with the basics and setting out a plan to implement additional layers to achieve maximum protection. It can be daunting, so please do get in touch with our team if you need any guidance or advice. We are always happy to help.
Thank you for reading and stay cyber-safe!
Tel. 0208 1234 365
Author: Chris Austin – 21 Jan. 22