Charities should be aware of “WannaCry” and “Petya”. These are the cyber attacks that have brought organisations to a standstill recently. Many charities are not investing in adequate levels of cyber protection. The Charity Commission has warned that charities could be at risk and should be vigilant. Further Matthew Hancock the digital minister has said charities “must do better” to protect sensitive information they hold as it emerged that many smaller organisations rely on external IT providers to protect their data.
Data protection legislation requires that for every charity that controls personal data, for example information about staff or donors, “appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data”. A cyber-attack will usually result in unauthorised or unlawful processing of personal data. So charities need to take steps to resist cyber-attacks in order to comply with the law.
Technical measures include use of appropriate antivirus software, software updates and patches.
Organisational measures include raising awareness amongst staff and keeping working practices under review. Typical areas of vulnerability are:
Mobile and remote working. A range of measures can be taken to minimise the risk involved in working remotely. For example, charities can keep the amount of data stored on a mobile device down to the minimum necessary to carry out the required business activity.
Passwords. With individuals now expected to maintain numerous separate passwords, requiring users to regularly change their passwords is now considered to be potentially counterproductive. Password rules are necessary, but they should be simple and easy to follow.
Email. Training to help staff to spot increasingly sophisticated phishing and spoofing, and avoid clicking on links or attachments, can reduce the risk of malware being introduced into systems.
Being the victim of a cyber-attack can be very unfortunate. But those organisations that have not taken appropriate technical and organisational measures to guard against these attacks will still be accountable for the loss. Staff must receive adequate training to deal with online attacks.
Cyber attacks – what charities need to do
Similar Articles
Charities remain at risk ... The Charity Commission warns that trustees, charity professionals and volunteers should continue to be aware of online extortion or ‘ransom’ demands affecting UK businesses. Charities could also
Prevention of fraud ̵... You can take this preventative action now: make sure charity software has up-to-date virus protection (though it will not always prevent you from becoming infected)
New rules disqualifying f... From 1 August 2018, new rules extend the criteria disqualifying certain individuals from acting as trustees or holding senior management positions in charities. The Charity Commission has
Richmond Group of Chariti... Research commissioned by the Richmond Group of Charities shows that charities can add value to the health and care system in a number of ways – which
Welcome to our blog stay tuned for more information.
Trading Subsidiaries – ... The purpose of trading subsidiaries of charities is simple. The wholly owned trading subsidiary undertakes the commercial trading activities that do not fall within the objects of
Lessons from Charity Comm... A Charity Commission enquiry report is timely reminder of need for good governance, conflict of interest policy and to take professional advice in many instances see shorturl.at/ntJK7
Government launches new s... Free online resource for charities launched by the Government. It is a safeguarding portal created to help charities handle safeguarding concerns or allegations. See https://safeguarding.culture.gov.uk/ The portal
Persons of Significant Co... From 6 April 2016 most companies (including charity companies) will need to set-up their PSC register and identify whether they have any PSCs, and from 30 June
Brexit has had no effect ... Charitable donations according to the Charities Aid Foundation’s annual UK Giving report found that charitable donations held steady at £9.7bn last year. Apparently the EU referendum had