BLOG: Evaluating cyber-risks: the new frontier

Cybercrime. It is the word that is currently on everyone’s lips. Politicians, law enforcers, and business leaders alike are all discussing the problem, and with very good reason too. Every charity which has some form of online presence – be it a Facebook page, Twitter account or website – is now at risk of becoming the victim of a cyber-attack.

US reports estimate that cybercrime currently costs the global economy over US$445 billion (about £266 billion) annually, and this is projected to increase to more than US$2 trillion within the next four years. Closer to home, cybercrime is ranked as one of the nation’s top security risks and is believed to conservatively cost our economy tens of millions of pounds each year.

With almost half of the world’s population (some 3 billion people) now online, it has been somewhat inevitable that many ‘traditional’ crimes, such as theft and fraud, have moved into the online world. The internet’s borderless nature, relative anonymity, and almost endless pool of potential victims have made it an attractive – and lucrative – proposition for many criminals. But what has surprised many people has been the speed with which this has happened, leaving many organisations struggling to keep up with the changing criminal tide.

Charities too are increasingly turning to the internet but for very different reasons: to boost their public profile, raise awareness of their cause, and engage with beneficiaries, funders and supporters. About half of all charities are now believed to have an online presence and this figure is set to grow.

Charities hold a lot of valuable information about their supporters and other stakeholders and this can be an attractive target for cybercriminals. The altruistic nature of the sector can also act as a magnet to online scammers seeking to prey on the generosity of the giving public during annual fundraising appeals or in the wake of natural or human disasters. This means that keeping data, IT and online payment systems secure is incredibly important.

Even though many charities seem to be fairly confident about their ability to deal with technological risks, it can be a challenge to get to grips with the often baffling array of terms used to describe cybercrime such as online crime, digital crime, and e-crime. The important thing to remember is that these are essentially the same thing: crime committed online.

Common forms of cybercrime include hacking to steal passwords and data, cyber-fraud (including phishing and identity theft), malicious software, and much more. Online security breaches in particular are on the rise, and there has been an increase in the number of data breaches reported to the Information Commissioner’s Office by charities over the last two years.

Generally speaking, criminals will often attack those that offer the least resistance. Online security needs to be taken seriously, and charities need to ask themselves: how cyber-savvy are we and what do we need to do to build strong cyber defences?

Many cyberattacks can be prevented by taking some simple precautions such as downloading and applying the latest software updates, checking the security controls and policies of third-party cloud and IT providers, educating staff about what to do about suspicious-looking emails, and keeping an eye out for fake websites and warning potential donors about these.

Traditional password security is currently being rethought by GCHQ, the government security and intelligence agency, which recommends that organisations should simplify their approach. It suggests that staff should no longer be required to regularly change their passwords unless there is suspicion of, or actual, compromise, because regular changes do not necessarily improve security.

There are lots of free online resources available to charities that want to learn more about protecting their organisation online, such as the Government’s ‘ten steps to cyber security’ guidance and cyber-essentials scheme, as well as the websites www.getsafeonline.org and www.cyberstreetwise.com.

Online fraud will be considered as part of a one-day conference hosted by the anti-fraud charity Fraud Advisory Panel and the Charity Commission on ‘tackling fraud in the charity sector’ which is taking place on 30 October in London. For more information, visit www.fraudadvisorypanel.org
