Last updated: 16/10/20
No doubt you've been busy since May 2018 getting used to the new processes you implemented due to the introduction of GDPR. This has been so important to all organisations who want to avoid the stringent penalties that come hand-in-hand with a data breach. But now that the post-GDPR hysteria has died down, it’s a good time to remember that there are other risks that charities must now consider if they’re going to survive the digital revolution.
It’ll come as no surprise that charities are facing increasing amounts of risk as the world enters the digital age. Sadly, it’s not just the risk of fire, flood and theft that charities have to consider anymore – now they also have to worry about malware, phishing, DoS, MITM, and any number of other different types of cyber attack that have cropped up over the past few years.
Unfortunately, charities can be particularly susceptible to cyber attacks, as they tend to store sensitive client data that makes them an attractive prospect to opportunistic hackers. In fact, government research shows that 73 per cent of charities with incomes of over £5 million were victims of cybercrime in 2018. And once you’ve factored in the reputational damage of a data breach (as well as the financial impact), it’s clear that the costs of a cyber attack are incredibly high.
With this in mind, here are 4 tips to protect your charity from a potential crisis.
1. Keep staff informed
Stay up to date on potential cyber risks to your sector, or scams that are specifically targeting organisations in your area. Keep your staff informed of the potential impacts a data breach might have, not just on the entire organisation, but on them individually. They may not even be aware that the potential fine under GDPR could be up to €20,000,000, or up to 4% of the annual worldwide group turnover of the preceding financial year (whichever is greater).
2. Create strong passwords
This one may seem obvious, but make sure you have strong passwords in place that are difficult to guess. Change them regularly, and store them in a secure location. Encrypt any documents that are being sent via email, and allow employees and volunteers only limited access to sensitive documents.
3. Regularly update your protection software
As well as protecting your devices using anti-virus software, teach your staff how to identify potential phishing emails, as well as how to avoid them. For example, never input any personal data or click on any web links unless you’ve first verified the source.
4. Take out cyber insurance
Cyber insurance is key to making sure that your organisation is fully protected against any potential costs or damages associated with a cyber attack. With suitable cyber insurance in place (which can also sometimes be included as part of a charity insurance policy), you’re not only covered against loss of income and any claims made against you, but you’ll also have access to legal advice and a team of experts to help minimise the damage caused to your organisation.
Making sure you’re covered
Every charity is different, and has a unique motivation that affects the way their organisation operates. This in turn means that the risks they face are unique, and a ‘one-size-fits-all’ approach to their charity insurance just isn’t going to work.
With over 30 years’ experience and over 3,000 customers in the sector, we understand that charities require more of a personal touch. Our team of account managers will take the time to understand the complex needs of your charity and tailor an insurance solution to meet your needs.