Tackling Cybercrime In The Charity Sector
Charities in England and Wales spend over £90 billion of much-needed funds every year. The pandemic is likely to affect charity funds in the next few years, together with reduced funding from European Union due to Brexit. There is no better time to investigate cybercrime for charities.
As more and more employees are working from home and therefore storing data and information online, charities have become increasingly reliant on IT and technology. IT has never been more critical to running a business than now. Towards the end of 2019, just before the pandemic hit, The Charity Commission with the help of the Fraud Advisory Panel, contacted 15,000 charities, out of approximately 160,000 registered charities in the UK. Around 57% of the charities contacted said that cybercrime is a major risk to their sector, and it may cause harm to their organisations and their beneficiaries.
The 2019 report says that there is no specific evidence to prove that the charities are at greater risk of fraud or financial crime than any other organisations. However, charities need to be mindful that cybercrime is growing rapidly and with the impact of the current pandemic, the criminals will try even harder! This comes at a time when charities may potentially see their funding significantly reduced. The impact of the current pandemic is going to be huge for the charity sector in terms of sourcing funds.
Charities should recognise the potential damage a cyber-attack could cause and the impact on its reputation.
The good news is that charities are much more aware of the risk of cybercrime. The larger charities, especially, have the resources to put in place systems to minimise cybercrime. However, small, and medium charities are less aware of the risk, and they are the ones who are probably more likely to see an attack.
You must ensure that your personal computers and laptops are up to date with the current version of the operating system. You must, as part of your company policy, ensure that your employees check for operating system updates on a regular basis and action the updates within 24 hours of the notification. Your IT provider should also have set up your personal computers to check for updates regularly.
With the introduction of GDPR in 2018, a lot of charities have already put systems in place to safeguard their databases which hold persona data. Since 2018, the IT sector has added an increasing amount of security to become more secure, which you can look to add to your systems.
Prevention is always better than reaction! There are several simple steps you can take to protect your charity:
1. Two-factor authentications
Nearly all online-based software allows for two-factor authentications. Enforce this across your organisation as a basic control.
2. Two-person approval of payments
If you are making online payments or paying by cheques, ensure you have two signatories or two form approval process.
3. Keep your eyes peeled
Encourage your team to share if they come across any unusual activity or if they see something suspicious.
4. React fast
If you believe that your charity has been the victim of online fraud report this immediately through the Action Fraud Website. You should also report it as a serious incident to the Charity Commission.
If you have any further charity-related questions or would like to change over to a charity sector specialist accountancy firm, please contact Suda Ratnam directly at email@example.com or click here to get in touch with us today.