How to protect your charity from cyber attacks


No organisation, big or small, is immune to a data breach, and instances of cyber crime have risen dramatically in recent years as organisations become increasingly dependent on technology and computer systems. According to the Hiscox Cyber Readiness Report 2018, if you factor in only those organisations that were targeted, cyber crime has cost organisations an average of $229,000 over the past year.

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, bringing stricter penalties for insufficient data security. It is therefore important for organisations to understand how to protect themselves against cyber risks, and how to mitigate the impact a data breach may have.

What is a ‘cyber risk’?

A cyber risk usually refers to some sort of data breach, and is generally considered to be any risk originating from ‘cyber space,’ or as it is more commonly known, the internet. A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorised to do so.

There are various causes of data breaches:

Loss or theft of data

An example of data loss would be a malware attack that deletes large amounts of customer data from your computer. Data theft could result from a virus infection (e.g. from a phishing email or a hacker) that allows data to be stolen from your hard drive.

Human error

Contrary to popular belief, data breaches are most commonly the result of human error, with almost two thirds of data breaches caused (inadvertently) by employees. This could be anything from an employee losing a memory stick holding customer data, to sending information to the wrong person.


Hacking

Hacking is where someone maliciously gains unauthorised access to data in a system or computer with the intent of stealing the data for personal use or to sell for financial gain.

Vulnerable software

A weak or compromised security software system on your network could leave your organisation especially vulnerable to a cyber attack.

How might a breach affect your charity?

Loss of income

As well as the cost of clean up after a data breach (such as implementing new security systems), with GDPR comes more stringent penalties for data breaches. For a breach, a firm can be fined up to €20,000,000, or up to 4% of the annual worldwide group turnover of the preceding financial year - whichever is greater. For a small organisation, this could be financially devastating, so it’s important to make sure your cyber security is up to scratch.

Reputational damage

Aside from the loss of data or the financial implications, a cyber attack could cause serious reputational damage to your organisation. This could result in loss of funding or clients, with people less likely to engage with your organisation for fear of their data being compromised.

Business interruption

If a website or back office system were to be hacked, for example, an organisation may find that they need to stop or slow down day-to-day activity whilst they get their website and/or security systems back up and running following a breach. As a result the organisation may see a loss of income if products and/or services cannot be delivered.

4 tips for preventing cyber risks

  1. Regularly update your protection software. As well as protecting your devices using anti-virus software, your staff should also be made aware of any potential email scams, and how to avoid them. For example, never input any personal data or click on any web links unless you’ve first verified the source.
  2. Have an internal reporting process to share any concerns. It’s important for employees and volunteers to understand the importance of reporting a potential breach.
  3. Have strong passwords that are difficult to decipher. Change them regularly, and store them in a secure location.
  4. Consider taking out cyber liability insurance to protect your organisation against the cost of a breach of data. Cyber liability insurance offers protection for computer systems and data in the event of a breach, and some policies will also cover against fines imposed by the ICO.

Naomi Soanes

Naomi Soanes is a Digital Engagement Executive in our marketing team.
