Almost half of charity workers never change work passwords, research shows

Almost half of charity workers have rarely or never changed their work passwords, highlighting significant security risks within the sector, research has found.

A new survey from cybersecurity company, ramsac, has revealed that 36% of workers have never changed their passwords; 23% changed it at induction and 20% changed it a year ago.

The number of workers who changed their passwords within the last three months sits at 3%.

It was also found that the majority of professionals had never received any form of cybersecurity training.

The study suggested charities implement a stricter policy that keeps their organisations safe from hacking attempts, unauthorised users logging in, and brute force tactics.

Not changing passwords makes workers and their charities more susceptible to being victims of cyberattacks, ramsac said.

The survey also showed that 44% of professionals’ passwords only contained a mix of letters and numbers, with only 22% of professionals having a password with at least one ‘special character’.

ramsac said charities should have a managed password policy that enforces a certain complexity and requires a regular change. "This is an easy and efficient way to improve the cybersecurity of an organisation," the firm said.

The firm's MD and founder, Rob May said: “Our survey clearly highlights that a reliable human firewall is pivotal to an organisation’s cybersecurity. Staff are not clued up about the significance of their decisions and this can result in huge consequences. Cybersecurity is only as good as its weakest link, so upholding a fantastic standard is essential in not putting an organisation at risk of attacks.

“Although the study revealed some worrying behaviour from professionals, the remedies are incredibly simple¸ showing why cybersecurity reviews are so important. Employees become better equipped to safely use the internet and the changes to improve are far more straight forward than some would initially think. The first step to quality cybersecurity couldn’t be easier; educate and train.”

The survey found the most common impact of a cyberattack on a charity was the temporary loss of access to files or networks, which 9% of charities experienced.

The most common form of cyberattack on charities were phishing attacks, which is when a fraudulent message is sent to trick the target into revealing sensitive information.

    Share Story:

Recent Stories


Charity Times Awards 2023

How is the food and agricultural crisis affecting charity investment portfolios?
Charity Times editor, Lauren Weymouth, is joined by Jeneiv Shah, portfolio manager at Sarasin & Partners to discuss how the current pressures placed on agriculture and the wider food system is affecting charity investment portfolios.