Recent research from Ecclesiastical Insurance has shown that a third of charities have suffered some form of cyber-attack during the coronavirus pandemic.
‘Phishing attacks’ have been the most common cyber threat to charities, affecting around 15% of charities. This is where attackers try to obtain sensitive information – bank details, passwords etc – by sending emails that appear to be from a trustworthy source.
The findings come after the Charity Commission revealed that cyber-criminals have stolen more than £3.5m from charities since the start of the pandemic – with the regulator saying it received 645 reports of cybercrime between March and September this year.
A survey of 250 charities carried out by YouGov on behalf of Ecclesiastical found that the vast majority of charities (95%) are now working remotely. While 29% were already embracing remote working prior to the pandemic, two-thirds have now moved to working from home during the pandemic.
Half of the charities surveyed admitted to technical challenges following the transition to remote working, while a third said they had struggled due to a lack of staff and volunteer skills.
Surprisingly, the survey found that only 23% of charities said they had increased their investment in security software, while just 21% have provided additional training or guidance for staff on how to stay safe when working from home. Almost half of the charities (45%) admitted to not taking any extra steps at all to increase protection for staff working from home – leading to concerns that charities are not taking the threat of cyber fraud seriously.
To help charities better understand the risks associated with remote working, we’ve provided some quick cybersecurity tips and advice below. For more information, visit Cyber Insurance For Your Charity or get in touch using our contact form.
Losing access to your technology, having funds stolen or suffering a data breach through a cyber-attack can be financially devastating and cause downtime for your charity’s operations.
It’s worth considering a charity cyber policy if:
- You use a computer for the everyday running of your organisation
- You take card payments or make electronic payments
- Your organisation has a website
- You hold onto customer, supplier or employee information
Cyber insurance provides access to, and covers the costs of, an investigation into the breach to identify the problem, eradicate the issue and protect your system/data.
BHIB Charities Insurance provide comprehensive cover against both cyber-crime and operational errors. Included in most covers is free GDPR training as well as the necessary firewall, anti-virus, and data backups, at no additional cost.
If you are interested in a quote for your charity cyber insurance, or an alternative quote for your main charity insurance, get in touch today:
Cybersecurity tips for remote working
- Update passwords – now is a great time for your employees to change their passwords to something more secure. This should be done on a regular basis e.g. once a month.
- Use Multi-Factor Authentication (MFA) – requiring two forms of identification to gain access to accounts is a relatively simple and effective way to increase security.
- Make a conscious effort to check before clicking on links/attachments – it is easier to get into a more relaxed frame of mind while at home, which could be dangerous
- Avoid public Wi-Fi networks – these are rarely very secure and are an easy target for hackers
- Lock your screen at home – this guards against your children accessing or clicking on something that could cause a problem
- Consider using virtual private networks (VPNs) – this ensures that all the data between the remote worker and the office network is encrypted and protected.
- Ensure your email protection is up-to-date and raise awareness of phishing – stay particularly vigilant for malicious coronavirus-related emails, such as:
- Fake charitable donations
- Emails impersonating the World Health Organisation
- Emails impersonating airlines and travel companies
- Fake emails claiming to sell masks and medical supplies
- Use updated versions of software and install latest security patches – ensure all devices, operating systems and software applications are up to date.
- Consider web filtering – applying web filtering rules on devices will ensure that users can only access content appropriate for ‘work’.
- Enable use of cloud storage security for files and data – don’t leave files and data in the cloud unprotected and accessible by anyone.
- Manage employee privileges – limit the amount of different people who have access to sensitive data, and monitor their activity.
- Establish a cyber incident response plan – make sure this addresses a variety of potential cyber risks and allows for as smooth and efficient a recovery as possible – see: https://www.ncsc.gov.uk/collection/incident-management/cyber-incident-response-processes
- Enforce a cyber risk management policy on staff members – this should include a safe internet use and email policy, BYOD (Bring Your Own Device) policy, mobile working policy and a data breach policy.
About BHIB Charities Insurance
BHIB Charities Insurance specialise in providing tailored cover for community groups, clubs, societies, voluntary organisations and hobby or special interest groups. We offer more than just insurance and we are passionate about supporting local communities.