How to prepare your charity for cybercrime

How to prepare your charity for cybercrime

You have probably been bombarded by so many different cyber security statistics in the past few years. We have been told that 76% of UK adults don’t know what ransomware is. We have heard that 74% of senior management roles in businesses have very high concerns. We know that 25% of organisations that have identified an attack have experienced a temporary loss of files. There are so many different numbers and percentages being stated that it becomes quite easy to be removed from the real subject: your security. At the end of the day, if we’re being honest, you’re not interested in these other companies experiencing problems, you’re interested in your own organisation’s security and how you can prepare for cybercrime.

Charities and non-profit organisations are prime targets for cybercrime

Charities and non-profit organisations hold sensitive data that is a prime target for hackers and other cyber-criminals. The other issue when it comes to charities and non-profit organisations is that there is a general assumption that they will not invest in adequate security, causing you to be perceived as an easy target. You need to ensure that you are taking the appropriate precautions with your organisation’s IT and data, or face the consequences that inadequate cyber security can bring.

Dealing with a lack of cyber security skills

In a research document published by the Department for Culture, Media & Sport, it was stated that  registered charities in the UK typically do not have specialist staff to engage with cyber security issues and that the problem was often in the hands of finance or chief executives. With competing demands on time and resources, the focus is often on fundraising leaving cyber security deprioritised.

With a typical lack of specialist knowledge in mind, it is important that charities and non-profit organisations have access to security precautions that make the process easier. Many charities use Microsoft’s Office 365 due to the donated licensing that they can receive. Microsoft have released a selection of additional tools available to organisations to increase their security precautions and provide peace of mind.

How to prepare your charity for cybercrime

Advanced Threat Protection

​The Advanced Threat Protection bolt-on for Office 365 is all about bringing an additional layer of security to your emails. The tool scans links and attachments in any emails that your staff receive to identify any malicious activity. If the tool does identify that a link or an attachment is malicious it will prevent the end-user from opening it. Charities and non-profits should most definitely be making sure that their staff are aware of cyber security threats that could put the organisation at risk. With Advanced Threat Protection, the risk of human error is lowered as technology is in place to make the judgement for your end users.

Multi-Factor Authentication

Another layer of security that can be added to your charity or non-profit organisation’s IT is Multi-Factor Authentication. Multi Factor Authentication brings security to your users. Instead of just relying on passwords for protecting the access to your data and documents, Multi Factor Authentication enables the ability to add additional layers to the process of accessing your Office 365 account. Users are texted or called to receive a pin that they need to key in to be able to access their Office 365 account. You can set this up in a multitude of different ways based on different scenarios. One of the key situations that we would recommend putting this in place is when an Office 365 account is accessed via a new device. For example, if your Finance Director tried to access their email through a different laptop they would need to add a pin code as an additional layer of security because Multi Factor Authentication would recognise that this is not their normal device.

Azure Rights Management

Azure Rights Management is the tool that can be added to Office 365 to help secure your data. Azure (if you weren’t aware) is the collective name for all of Microsoft’s Cloud Services, including Office 365. The tool is all about protecting your data when it leaves the organisation. For example, you could have a situation where an employee has downloaded your data and emailed it to their personal email account before moving on to a new job. That file that they have sent to their personal email is now accessible to someone who is external to your organisation and you have no control over how they use it. With Azure Rights Management, this is not the case. The tool protects the data and document dependent upon policies you put in place. You can make it so that to open the document you will need an active Office 365 account, which they will no longer have if they have left the organisation. You can put several different policies, restrictions and permissions in place to protect your charity’s data.

Microsoft Intune

Many charities and non-profit organisations have remote workers out in the field that are fundraising or providing services. They will often work from mobile devices to be able to do this. Microsoft Intune adds an extra layer of security to these devices. Intune is a tool that manages devices and applications to ensure data security. If your employees are using personal devices then you can manage the data on them to ensure that you don’t suffer from a breach.

Backup and Disaster Recovery

There are many ways you can prepare your charity or non-profit organisation for cybercrime. It’s essential that you make sure that your staff know what to look out for and know what can be malicious. Making sure that you also have tools in place to add extra layers of protection is also a good idea. The more layers of security you can add to your IT, the stronger it will be.

We would love to hear your thoughts and ideas on how cybercrime affects charities and non-profit organisations. If you would like to know more, say hello today and call 01675 469020 or email hello@acutec.co.uk