The Charity Commission recently issued an alert to the charity sector about cyber crime and how to report it to them.
Cyber crime has a number of definitions but usually involves attacks on or through computer systems and networks. It often includes the theft of data or the disruption of systems to enable further criminal activity.
Depending on the nature of these crimes, trustees, staff, volunteers and beneficiaries of charities may be adversely affected. In addition, negative publicity can also have an impact on public trust and confidence, not only in the charity affected, but also in the charity sector as a whole.
The government Cyber Security Breaches Survey 2019 revealed that over two-thirds of high-income charities had recorded a cyber breach or attack in 2018. Of those charities affected, the vast majority (over 80%) had experienced a phishing attack, which are fraudulent emails.
With the cost of a breach ranging from £300 to £100,000, charity managers cannot afford to ignore the growing threat posed by cyber crime, in all its forms.
The good news is that advice and guidance is widely available to help charity trustees to take the right steps to protect their charity.
How you can protect your charity
All charities should be vigilant to the threat of cyber crime and make sure appropriate defences are in place, including raising awareness with their staff and volunteers. Examples include having a secure email system and a protected website.
The National Cyber Security Centre (NCSC) has produced a useful guide on how to protect from cyber crime (Cyber Security: Small Charity Guide). It also explains how charities can become accredited under the government Cyber Essentials Scheme.
For larger charities, detailed advice for trustee boards on improving cyber security is available in the NCSC’s new Boards Toolkit. HM Government also provides timely advice and guidance through its Cyber Aware website.
How to report cyber crime and fraud
If a charity becomes a victim to cyber crime, or any other type of fraud, the charity trustees should report it to Action Fraud by calling 0300 123 2040, or by visiting the Action Fraud website.
The trustees should also report fraud to the Charity Commission as a serious incident.
The Charity Commission requires prompt, full and frank disclosure of incidents. Serious incident reporting helps the Charity Commission to assess the volume and impact of incidents within charities, and to understand the risks facing the charity sector as a whole.
Where appropriate, the Charity Commission can also provide advice and guidance, either to assist individual charities and get them back on track, or to warn the wider sector about prevalent threats.
Barrett & Co can assist you if you are a charity trustee and are concerned about the cyber security of your charity. For further details please contact Jane Whitfield at [email protected] or on 0118 958 9711.