4 questions to help assess your charity’s cyber security

It’s a very real threat that looms over the charity retail sector: cyber attacks. In 2020 alone, 26% of voluntary sector organisations reported cyber attacks, a quarter of which suffered from them on a weekly basis. And this figure rises even higher for those with annual incomes of £500,000 or more, with 51% of charities in this category reporting attacks throughout the year.

 

With such concerning statistics, it’s obvious we need to be more aware than ever. But improving your charity’s cyber security doesn’t have to be complicated – or break the bank, either. We’ve put together four simple questions to help you gauge where your charity’s cyber security is at, and areas it could be even better.

 

Do you backup your data?

Your internal systems will have gigabytes of important information. Donor detail, staff and volunteer contact information, payroll, research, feedback – you name it, you’ll have plenty of it. And that’s data you do not want to lose. Because if you did, it would be a massive hit for your charity’s productivity and reputation. The latter of which has a knock-on effect on your ability to raise funds.

 

While backing-up your data can’t prevent cyber criminals from gaining access (we’ll come to that in a moment), it can significantly reduce the impacts of a breach. It offers peace of mind that you won’t lose all that valuable data no matter what. It’s also a good defence against physical damage – such as a fire or flood – since you can backup to the cloud specifically.

 

Cloud backups are ideal as they keep your data separate from your sites. Daily backups in particular are a good habit to get into, ensuring no data ever slips through the cracks.

 

Are your staff and volunteers educated on cyber risks?

The more informed your staff are about the various cyber threats out there, the less likely they are to put themselves (and your charity) at risk.

 

Cyber threats become smarter and harder to spot every year. A simple email or normal looking website could be enough to access your system. So you want your staff and volunteers to know how to be vigilant and sceptical when online. To identify any sites, apps, or requests which could be problematic.

 

Phishing tends to be the most common tactic used against charities. So that’s a good place to start. It usually involves websites and emails designed to look legitimate, but they often have a tell. It could be that the website URL links to something irrelevant from the company, or there’s a spelling mistake in it.

 

You want your staff and volunteers to be able to spot potential threats as soon as possible. And the only way you can do that is through comprehensive cyber security education.

 

Are you performing regular security checks and patching vulnerabilities?

To reduce risk, you need to understand what your vulnerabilities are. And this requires frequent, robust security checks. Technology is constantly changing. And this means your systems will always have new updates to install. Updates that often contain critical security fixes. By getting into the habit of checking your systems regularly, you can remain as updated and protected as possible.

 

The sooner you spot any potential security issues during these checks, the sooner your IT department or supplier can patch and rectify them for you. Want to make this step easier? Look for a solution – likely cloud-based – that takes care of updates automatically. This way, you’ll have the security you need without the constant worry.

 

Does your cyber security extend to portable devices?

More and more, charities are taking their efforts on the go. Whether it’s in a van on the way to donor collections, in employees homes while working remotely, or on managers’ smartphones while travelling.

 

But as these portable devices become more powerful, so does their potential for being attacked. These mobile devices are just as important as your tills and computers when it comes to security. They present different challenges, so you need to make room to talk about them in your cyber security training.

 

Similarly, your employees’ home offices likely won’t have the same levels of security and protection as you do on-site. So this is another area worth exploring if you’ve still got some remote working taking place.

 

Let 2022 be the year your charity prioritises its cyber security. Your staff and volunteers work tirelessly to make a difference to your cause, and the last thing you want or need are cyber attacks halting your progress.

 

Don’t let a cyber attack ruin your year. CHARiotWeb is a cloud-based retail system that includes innovative features to boost your charity’s cyber security, with ongoing technical support and maintenance – all for one accessible, monthly price. If you’d like to find out more, get in touch on 01204 706 000.