Cybercriminals have proven time and again that they are not just after businesses. No matter what kind of user they target, hackers try to gain access to sensitive data or lock up servers, and then either demand a ransom for release or sell the data for money. Young, old, rich, poor, big firms, small businesses – all kinds of users have fallen victim to this kind of criminal activity.
Even charities across the world have suffered from cybercrime. According to a finding by Ecclesiastical Insurance about UK charities, one out of three charities has fallen victim to cybercrime. Angus Roy, charity director at Ecclesiastical Insurance, said that charities are, in fact, seen as more vulnerable for quite a number of reasons.
With the shift to remote working, all organisations have faced technological challenges, and this has presented an opening to cybercriminals. Charities are often smaller organisations and have fewer staff, mostly less literate. These people have found it harder than most to make the shift from office work to working from home. 95% of all UK charities are currently working from home.
Low budgets also mean that charities are unable to spend much on training their personnel or on installing a robust security system. Most charities are staffed by older employees or volunteers who are often less able to understand the potential risks. Some charities have taken steps to protect their staff who are working from home, but most are still vulnerable. According to Ecclesiastical Insurance, phishing attacks are the most common against charities. 15% of charities reported having encountered phishing attacks and 7% reported having faced spear phishing attacks. Ransomware and general malware are also very common against charities.
Some of the Biggest Risks to Charities
There have been several high-profile attacks against charities. One of the biggest recent victims was Oxfam Australia, whose database was hacked in late January and put up for sale on an underground forum. The database contained records of 1.7 million users, including their email addresses, phone numbers, and the amount they had donated to charity. The data was confirmed to be legitimate by Bleeping Computer. When Oxfam was informed, they immediately informed their donors and initiated an investigation. Oxfam Australia’s CEO, Lyn Morgan, said that they had been communicating openly with their donors throughout the investigation while complying with regulatory requirements.
But an even more costly attack was the data breach at Blackbaud, which is used by many organisations to raise donations. It is believed that a ransomware attack was launched against Blackbaud and the data of hundreds of users was breached.
What Should Charities Do?
As with any other business or organization, the best way for charities to deal with cybercrime is to educate their employees to recognize foul play and stop falling for hack attempts. 81% of charities claim to be fully prepared against cyber attacks, but Ecclesiastical Insurance found that only over 50% had a cybersecurity plan in place and only 42% had a cyber risk management plan or cyber insurance.
As a charity, you should make sure that you are thoroughly aware of the risks involved and that you have a proper plan in place in case you ever face a hack attack.