Protecting Charities from Cyber Crime

Non-profit organisations are as vulnerable to cyberattacks as any other business, so they should take similar precautions and be equally-prepared…right? Unfortunately, according to a 2017 study by UK consultancy firm Sayer Vincent, pre-existing knowledge and awareness about cyber security varied considerably among the charities they interviewed. There were even some participants who assumed that “cyber security was more of an issue for businesses than for charities.” A recent Financial Times special report expressed similar concerns about how well-prepared charities are to handle cyber security threats.

Why are charities ill-prepared for cyber crime?

Many charities fail to see how their data is a valuable business asset—and a target for cyber criminals. Non-profit organisations hold important stakeholder and donor data and often receive online donations.  Because of their benevolent mission and purpose, charities are believed to have much weaker systems in place to protect their data and IT systems from malicious attack, and all-too-often this assumption is true.

Non-profit organisations understandably prioritise communications in their IT budgets to expand fundraising and promote their work. However, to safeguard their reputation and their donor information, charities should seriously consider what they do to protect themselves from cyberattacks and how they can improve.

How do cyber criminals target charities?

Although charities are vulnerable to the same attacks as any other business or organisation, there are two unique ways that they can be targeted:

• Fraudulent credit card transactions

Thieves can test stolen credit card details by attempting small donations for £1 or £2 on charity websites, and then continue to use the cards for much larger fraudulent purchases. Charities are then entangled in a mess of stolen card transactions and liability.

• "Philanthropic Phishing"

After breaching vulnerable IT systems, cyber criminals can send out authentic-looking emails posing as your organisation, and solicit donations from anyone. This is one of the easiest ways to trick the public, and to damage your reputation.  

How can charities improve their cyber security practices?

Here are a few simple steps to assess and improve your cyber security as a charitable organisation:

1. Thoroughly review your systems to test for vulnerabilities
2. Always install upgrades and security patches on your IT systems
3. Make more use of address verification systems (AVS) used by credit card processors to reduce fraudulent card “donations”
4. Educate your teams on best practices for cyber security—and make sure everyone knows your plan for how to respond to a breach
5. Opt for a secure cloud storage provider for your sensitive information and data
6. Invest in a strong disaster recovery plan or managed DRaaS to prepare for data breaches or cyber attacks

At SysGroup, we have a strong track record of helping charities improve their cyber security. We believe that investment into your IT security will ultimately help your organisation grow and avoid setbacks from cyberattacks. We’ve worked with tight budgets and want to help improve your cyber security so you can focus on what you do best.

To learn more about the charities we have worked with, read our story on how we helped UK Health Forum achieve peace of mind, as well as increased IT speed and performance -

Read our customer story

To speak to a member of our team about DRaaS or secure cloud backup today -

Contact Us