No doubt in recent months you’ve been busy implementing new internal policies to ensure you’re GDPR-compliant, a necessity if you want to avoid the stringent penalties that come hand-in-hand with a data breach. But now that the post-GDPR hysteria has died down, it’s a good time to remember that there are other risks that charities must now consider if they’re going to survive the digital revolution.
It’ll come as no surprise that charities are facing increasing amounts of risk as the world enters the digital age. Sadly, it’s not just the risk of fire, flood and theft that charities have to consider anymore – now they also have to worry about malware, phishing, denial-of-service (DoS) and man-in-the-middle (MITM) attacks, and any number of other types of cyber attack that have cropped up over the past few years.
Unfortunately, charities can be particularly susceptible to cyber attacks, as they tend to store sensitive client data that makes them an attractive prospect to opportunistic hackers. In fact, government research shows that 73 per cent of charities with incomes of over £5 million have been victims of cybercrime in the past year. And once you’ve factored in the reputational damage of a data breach (as well as the financial impact), it’s clear that the costs of a cyber attack are incredibly high.
With this in mind, here are 4 tips to protect your charity from a potential crisis.
Stay up to date on potential cyber risks to your sector, or scams that are specifically targeting organisations in your area. Keep your staff informed of the potential impacts a data breach might have, not just on the entire organisation, but on them individually. They may not even be aware that the potential fine under GDPR could be up to €20,000,000, or up to 4% of the annual worldwide group turnover of the preceding financial year (whichever is greater).
This one may seem obvious, but make sure you have strong passwords in place that are difficult to decipher. Change them regularly, and store them in a secure location. Encrypt any documents that are being sent via email, and only allow employees and volunteers limited access to sensitive documents.
As well as protecting your devices using anti-virus software, teach your staff how to identify potential phishing emails, as well as how to avoid them. For example, never input any personal data or click on any web links unless you’ve first verified the source.
Cyber insurance is key to making sure that your organisation is fully protected against any potential costs or damages associated with a cyber attack. With suitable cyber insurance in place (which can also sometimes be included as part of a charity insurance policy), you’re not only covered against loss of income and any claims made against you, but you’ll also have access to legal advice and a team of experts to help minimise the damage caused to your organisation.
Every charity is different, and has a unique motivation that affects the way their organisation operates. This in turn means that the risks they face are unique, and a ‘one-size-fits-all’ approach to their charity insurance just isn’t going to work.
With over 30 years’ experience and over 3,000 customers in the sector, we understand that charities require more of a personal touch. Our team of account managers will take the time to understand the complex needs of your charity and tailor an insurance solution that meets your needs.