One of the main threats facing the Not for Profit Sector is the risk of Cybercrime. With more and more activity taking place online, the scope for malicious attacks increases. It seems that criminals have no compunction at targeting the Charity and Not for Profit Sector, perhaps believing that organisations are more “trusting” and defences are accordingly less developed.
To help raise awareness of the issue the Charity Commission has released a “Preventing Cybercrime” Insights and Action document summarising research:-
Key recommendations include:-
- Be aware of the issue and give it necessary priority
- The board needs to have this on their radar as a key risk as ultimately they are responsible for Cybersecurity
- Organisations however need to decide who is responsible for this on a day-to-day basis – board members may not be the best people to run with this
- Where necessary incidents need to be reported to the relevant regulator, being that the Police, or Charity Commission or National Cyber Security Centre. The board need to be made aware of any issues.
- Prevention is better than cure!
Remember that is not only financial loss that may occur, criminals will also be looking for personal details which might put you in breach of GDPR regulations.
The document includes links to helpful resources from the National Cyber Security Centre. There are resources specifically for charities which have wider application to the whole Not for Profit Sector.
Cybercrime is something that is not going to go away, and we all need to be aware of it and to take steps to mitigate this threat.