The basics of cyber security

One in five charities in the UK experienced a cyber attack in the last 12 months (Oct 2023), so it is vitally important that all charities follow best practice in terms of cyber security and protect organisations against potential risks.

Backing up your data

• Identify what data you need to back up
• Keep your backups separate from your computer
• Consider the cloud
• Read NCSC cloud security guidance
• Make backing up part of your everyday business

Actions to take

• Switch on your firewall and enable antivirus
• Install the latest updates on all your work devices
• Check your apps and software are from an official store
• Check if your data has been in a data breach. Have I Been Pwned: Check if your email has been compromised in a data breach
• Protect email and social media accounts - use different passwords
• Create strong passwords - Combine three random words to create a password that’s long enough and strong enough.
• Turn on 2-step authentication

Phishing

From the charities that reported a cyber attack via cyber breaches 83% were phishing. Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, the danger is that unwittingly you could hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device. You can report phishing emails to [email protected]

Steps to take if you have fallen victim to a phishing email

• Change your password, immediately, making it strong and unique
• Update passwords for your other accounts if you use the same or similar passwords
• If your organisation has an IT/Cyber Security department, inform them immediately
• Scan your devices for malware using antivirus software#

Cyber Essentials

Cyber Essentials is a government backed scheme that will help you to protect your organisation against a whole range of the most common cyber-attacks. There is a FREE Cyber Essentials Readiness tool that will create a personalized action play to help you move towards meeting the Cyber Essentials Requirements.

What are the benefits?

• Improve your security process
• Build trust with customers
• Bid for government contracts
• Be on a trusted register of supplier
• Strengthen your supply chain

Funded Scheme

The National Cyber Security Centre is offering a fully funded scheme to help organisations in the voluntary and community sector to get Cyber Essentials Plus certification. You can access more information here.

Useful resources

Small Charity Guide - NCSC.GOV.UK

NCSC's cyber security training for staff now available - NCSC.GOV.UK

Services - NCSC.GOV.UK

Cyber Essentials Funded Programme 2023 - 2024 | NI Cyber Security Centre