The breadth and depth of cyber incidents around the globe today means that, regardless of the type of work that they do, every organisation needs to plan and prepare for an unexpected cyber-attack. While some are intentionally targeted, others are hit by speculative or opportunistic efforts to breach their IT estates. This is why non-profit organisations – just like everyone else – are advised to carefully consider their risk appetite to cyber threats. Cyber security is all about managing risk.
Many non-profits work alongside government agencies and/or private sector businesses to achieve their objectives. Most hold the personal details of either the people they help, or their financial donors, and usually both. All non-profits store a wealth of information that has a value to cybercriminals looking to copy it and either threaten to publish that information on the web or sell it through the dark web. And, unjustifiably, threat actors might perceive such organisations as lacking the latest security to properly defend themselves from cyber-attacks.
Aside from the data they secure and the people they work with, every charity is, of course, subject to industry regulations that they must comply with to keep running.
Despite these responsibilities and the risks that are attached to them, non-profits can take appropriate action to maintain their security, without breaking the bank.
Quorum Cyber has years of knowledge and experience protecting a wide variety of different private, public and non-profit sector bodies across a large number of sectors. We’re here to help minimise your overall risk over time.
The third sector is having to prepare for the same type of unexpected cyber-attacks as all other sectors of the economy.
Safeguarding large volumes of personal data
Under the Data Protection Act 2018, British charities are responsible for securing the personal data, such as names, addresses and bank account details, of all their financial donors as well as the people they help.
Minimal budgets for security
Managing tight budgets, non-profits don’t often have the money to run their own cyber security teams.
Low-hanging fruit for threat actors
With lower budgets for cyber security, the third sector may be marked by cybercriminals as a relatively easy way to break in and steal personal data.
Lack of cyber security skills and resources
Not always able to depend on in-house security, not-for-profit associations need other financially viable options to protect their assets.
Any employee can fall for a phishing attack, which is often the main pathway into breaching an organisation and stealing data.
On the increase around the world in recent years, ransomware attacks are a serious threat, and potentially very expensive, for every sector of the economy.
Trust between partners in government and the private sector
When an organisation is compromised by a cyber incident, the hard-earned trust between it and its business partners can be harmed.
What are the most common types of cyber-attacks facing the third sector?
The most common type of cyber-attack facing the charity sector is phishing. Over 80% of charities that reported a breach in 2020 suffered some form of phishing attack.
How do I know if our organisation is doing enough to protect ourselves from cyber-attacks?
To help organisations protect themselves against the rising threats of the digital landscape, the National Cyber Security Centre (NCSC) produced guidance on ‘The 10 steps to cyber security’.
The 10 steps to cyber security was originally published in 2012 and is now used by a majority of the FTSE350. The 10 steps are defined as:
– Risk Management Regime
– Security Configuration
– Home and Mobile Working
– Incident Management
– Malware Prevention
– Managing User Privileges
– Network Security
– Removable Media Controls
– User Education and Awareness