Cyber attacks – what charities need to do

Charities should be aware of “WannaCry” and “Petya”. These are the cyber attacks that have brought organisations to a standstill recently. Many charities are not investing in adequate levels of cyber protection. The Charity Commission has warned that charities could be at risk and should be vigilant. Further Matthew Hancock the digital minister has said charities “must do better” to protect sensitive information they hold as it emerged that many smaller organisations rely on external IT providers to protect their data.
Data protection legislation requires that for every charity that controls personal data, for example information about staff or donors, “appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data”. A cyber-attack will usually result in unauthorised or unlawful processing of personal data. So charities need to take steps to resist cyber-attacks in order to comply with the law.
Technical measures include use of appropriate antivirus software, software updates and patches.
Organisational measures include raising awareness amongst staff and keeping working practices under review. Typical areas of vulnerability are:
 Mobile and remote working. A range of measures can be taken to minimise the risk involved in working remotely. For example, charities can keep the amount of data stored on a mobile device down to the minimum necessary to carry out the required business activity.
 Passwords. With individuals now expected to maintain numerous separate passwords, requiring users to regularly change their passwords is now considered to be potentially counterproductive. Password rules are necessary, but they should be simple and easy to follow.
 Email. Training to help staff to spot increasingly sophisticated phishing and spoofing, and avoid clicking on links or attachments, can reduce the risk of malware being introduced into systems.
Being the victim of a cyber-attack can be very unfortunate. But those organisations that have not taken appropriate technical and organisational measures to guard against these attacks will still be accountable for the loss. Staff must receive adequate training to deal with online attacks.

Similar Articles

Recruitment of new truste... In accordance with the Charities Act, an individual is currently prevented from acting as a charity trustee if they have an unspent conviction for an offence of
Blenheim Palace granted c... Blenheim Palace has been registered with the Charity Commission  as the “Blenheim Heritage Foundation” with objects including restoring and preserving the site for the public benefit and
Digital Technology – co... The digital age matters to trustees as it affects key areas such as strategy, governance, fundraising, marketing, cybersecurity, culture and service delivery. It also brings opportunities, risks
Public should ensure dona... This is a Charity Commission press release:- Press release: Generous public should make sure donations go to genuine charities supporting the victims in Manchester, says charity regulator
Charities Aid Foundation ... Charities have been helped to process over £70m of donations since the launch of CAF Donate. Figures released by CAF show that: £71.8m has now been raised
Prevention of fraud in a ... # Charities like other organisations regularly fall victim to frauds. A new website at http://charitiesagainstfraud.org.uk/ gives useful guidance to help prevent this Some tips to help reduce
Charities and Brexit The charity sector is expected to lose £200k as a result of the UK’s exit from the European Union from grants and contracts from Europe. There will
Trustees responsibility w... Charities regularly enter into contracts with third parties, and the charity trustees must take the time to ensure they are acting in the best interests of the
Cyber attacks – wha... Charities should be aware of “WannaCry” and “Petya”. These are the cyber attacks that have brought organisations to a standstill recently. Many charities are not investing in
Charity Commission new gu... The commission has published new guidance for charity trustees about fundraising from the public, CC20. The guidance sets out 6 key principles to help trustees comply with

Leave a Reply

Your email address will not be published. Required fields are marked *