PolicyBee – Small Charities Week.
Risk is something that has been forced to the forefront of our minds recently.
The coronavirus outbreak has transformed daily activities into actions that can put our health, and our lives, at risk. But while we’re all busy worrying about health risks presented by the pandemic, we shouldn’t lose sight of other issues that pose a threat.
Cybercrime should be considered a very real threat during this time as criminals are using the pandemic as an opportunity to strike. Even though the spread of coronavirus may be slowing down, the opportunities for hackers are on the rise, with many of us encouraged to work from home.
The threat is real
We’ve already seen numerous scams, from criminal gangs posing as the World Health Organisation and the US Centre for Disease Control to the registration of thousands of suspicious coronavirus-related web domains.
Latest figures from Action Fraud, the national reporting centre for fraud and cybercrime, show a loss of over £2 million just for COVID-19 related reports, and with cybercrime known for being under reported, the losses are likely to be higher.
What’s more, in its Preventing Charity Cybercrime study, the Charity Commission warns that charities are more vulnerable to cybercrime than any other organisation.
The study found that more than half recognised the threat was a very real problem to their operations.
Not only do charities hold valuable stakeholder and donor data, they often have less robust systems and controls in place to protect themselves.
Criminals are increasingly targeting the sector with phishing, ransomware, social engineering, malware, phreaking, a virus, website defrauding and hacking – with devastating consequences.
When it comes to protecting against cybercrime, the most obvious first actions are protecting against the external threats, but charities should also be aware of internal risk factors.
Is that email safe to open?
According to a CybSafe analysis of data from the Information Commissioner’s Office (ICO), 90% of data breaches in 2019 were due to human error.
Nine out of 10 of the 2376 cyber-breaches reported to the ICO last year were caused by mistakes made by end-users.
Something to think about. Phishing was identified as the primary cause of breaches in 2019, accounting for 45% of all reports to the ICO.
Phishing emails frequently attempt to trick staff into installing ransomware – a type of malware – on charity’s computer systems. This then increases the charity’s likelihood of falling victim to a ransomware attack.
All it takes is for an employee to open the wrong email attachment and hackers could instantly have access to all data and systems. And the cost to fix the problem can be huge.
But these incidents can be prevented with training.
Knowledge is power
If staff and volunteers know what to look out for it could save thousands in the long term in crime prevention.
Yet staff and volunteers at small charities can understandably be less likely to be given proper guidance than employees in for-profit organisations.
The perception being that training is expensive and time consuming.
It doesn’t need to be, and what you invest in training will pay dividends when it comes to preventing a cyber-attack.
There are many training options that need not cost the earth. Many support organisations such as the FSI offer free training and advice. Some suppliers also offer free training as part of their support package.
Our cyber insurance cover also provides access to GCHQ-certified cyber training from the Hiscox ‘CyberClear Academy’.
Knowledge is power so why not give your staff and volunteers the power to protect your charity from crime?
A three-pronged approach
Charities need a three-pronged approach to cover themselves against the threat of a cyber-attack. Training being the vital third element.
Combined with excellent IT protection and the right insurance cover, having staff and volunteers who know what to look out for will ensure you are protected from every angle.
If you’d like to talk about any aspect of your charity insurance or obtain more advice on cyber protection, you can call PolicyBee on 0345 222 5381 or visit our website for more information.