Does your charity have a problem with cybercrime?
Could your charity be leaking money to fraudsters and cybercriminals, reducing the amount of funds it can direct to its good causes?
This week is International Charity Fraud Awareness Week 2019 and today we are asking charities whether they think they have a problem with cybercrime. The Charity Commission and Fraud Advisory Panel have just launched a timely research and action paper on this very subject. The paper contains data which may be useful for presenting to your Trustees or management board on the scale of the problem.
What does this mean?
The research suggests that small charities are just as vulnerable as larger ones. This is consistent with advice we have heard from our work with the Police Digital Security Centre. We also produced a relevant blog post last year looking at the insider threat to data security. This also contained useful links to resources from the National Cyber Security Centre. Yesterday we also reminded charities about the importance of refreshing their risk assessment on a regular basis to take account of emerging cyber-enabled risks such as Business Email Compromise Fraud.
Why is this important?
Many organisations, including charities, often view cybercrime and cybersecurity as a purely technical issue. This, in our view, is the wrong approach. These are business risks and as such need to take account of your business systems, processes and, most importantly, people. If you miss any of these elements then your strategy is likely to fail.
Advice from the policy is that organisations should prepare for ‘when’ they suffer a cyber breach, not ‘if’. A robust response plan is therefore also essential.
Some recent data breaches could have been avoided by a few simple processes: implementing software updates and security patches, strengthening passwords (particularly changing default passwords on products connected to your network), and implementing two-factor authentication where possible.
Our self-serve guidance will help you:
- Identify the key risks and who is responsible for managing them;
- Consider the impact of cyber related incidents;
- Assess the scale/likelihood of the risk of different types of cyber incident occurring;
- Identify/evaluate the adequacy of existing controls to mitigate the risk;
- Implement revised controls/action plan for the future, and
- Monitor and Review the impact of actions.
Free resources include:
- Risk Assessment Templates to aid your assessment of high risk areas of the business.
- Example Consequence (Impact) and Likelihood Measures
- Simple training and advice solutions for your staff
- Incident response templates
Premium content available includes online and face-to-face training and videos, and mock phishing email exercises.
For those who prefer face-to-face consultancy we have various services to provide continued support, including assistance with fraud and cyber risk assessments, training, incident response planning or independent audit/review.
We will be liking and retweeting other posts so please join us in keeping #charityfraudout.
Ask us a Question
We want to make sure the advice we give this week is relevant to your needs. We are therefore inviting you to ask us a question and we will provide our response and post these online. Simply complete the form below to submit your question.
Ask us a question about managing financial crime risks including fraud, cybercrime, bribery, corruption, money laundering, terrorist financing, sanctions, modern slavery or facilitation of tax evasion.