Charities - be aware of Cyber Crime

10 March 2020

As the Charity Sector Threat Assessment illustrates, losing access to technology, having funds stolen or suffering a data breach through a cyber-attack can be devastating, both financially and for your reputation.

We want to help you to feel better-armed to face the challenges that come with such rapid technological advancement, and although we can’t guarantee protection from all types of cyber-attack, following the advice in the Cyber Security: Small Charity Guide will significantly increase your protection from the most common types of cyber-crime.


look out for the ‘red flags’

These are clues on the emails or messages to look out for:

  • Grammatical errors or poor spelling.
  • Odd links or names.
  • Requesting personal information or banking details.
  • Offering things that seem too good to be true.
  • Relates to something you didn’t initiate, you’re not involved with or doesn’t make sense.
  • Do NOT click on attachments or links unless you are certain it is genuine. Try hovering over domain names, URLs or sender names to check them before clicking on anything.

Other steps to take to avoid a cyber attack are:

  • Run anti-malware/virus software and keep it up to date.
  • Have strong and unique passwords – don’t use the same password for multiple logins or use personal details.
  • Use a password management system such as ‘Lastpass’, ‘Dashlane’, or ‘Keepass’ which means you only have to remember one password. Some of these are free to use.
  • Be careful when using public Wi-Fi to access sensitive online services, eg; banking.
  • Try to check URLs or logins before clicking to ensure they’re genuine.
  • Back up your data regularly. Cloud based storage is safe and effective. If you do wish to use a device for back up – keep a copy off site (in case of theft or fire).
  • Never send files such as invoices as a word document. These can be intercepted by criminals, and bank details changed before the recipient receives it. Using software such as Xero should help to avoid this scenario. However, if you do need to send invoices by email, ensure they’re saved as a PDF before sending, so they can’t be altered.
  • Ensure staff are fully trained on systems and processes, and know what to look out for.

The advice provided by the National Cyber Security Centre is easy to understand, and free or low cost to implement.

If you believe you or your charity has been the victim of online fraud, scams or extortion you should report this through the Action Fraud website. You should also report it as a serious incident through the Charity Commission (England and Wales) website.

Need more information?

Get in touch with Richard Buckby on 0116 2762761