With the ever-changing array of cyber threats, it is important for charities to ensure their cyber security is up-to-date and sufficiently comprehensive.
Charities need to make sure that they review their cybersecurity at least every year, and ensure that it is up to the job. This is because the landscape of security can change very quickly, and cyber threats are constantly adapting to exploit vulnerabilities that organisations might have overlooked if they have become negligent with their security. We decided to reach out to TechQuarters, a provider of managed IT services that London-based charities have worked with before. A lot of their work involves helping clients with security, so we discussed with them the types of threats that charities need to be aware of, and what they can do to protect themselves against these threats.
Cyber Threats for Charities
It is important for charities to be aware of the most common cyber threats, because this is the first step towards making sure that their security is sufficient to protect their organisation’s information (and the information of their customers and donors). So, what are the main threats to be aware of?
Malware
This refers to a very broad category of software that is specifically designed to help cybercriminals gain access to data through various means – it could be through a device, a website, or a network. There are many different types of malware. The most common types are as follows:
- Viruses – these programs are self-replicating (hence the name) and can quickly overwhelm a system or device.
- Spyware – these types of program are designed to remain hidden, while recording internet activity and other forms of data.
- Keyloggers – another type of program that hides on devices, and can record which keys on a keyboard have been pressed.
- Worms – just like viruses, these programs are self-replicating; their purpose is to eat away at data on a device, just like an actual worm.
- Trojans – this form of malware is disguised to resemble legitimate programs. Their purpose is to open backdoors to systems and devices.
Phishing
This type of threat involves social engineering. In other words, cybercriminals use spoofed websites, adverts, and even direct messaging and emails to trick users into downloading malware, or even voluntarily giving the cybercriminals their personal information. These types of attacks are why TechQuarters, as a provider of business IT support that London companies trust, commits to educating their clients on safe internet browsing practices, and avoiding interacting with strangers.
Ransomware
This is a type of cyberattack that is designed to hold users’ data ransom. It may use a mixture of social engineering and malware attacks to gain access to an account or system, and lock the original user out of it until they pay a ransom.
How Can Charities Combat Cyber Threats?
In order for charities to uphold a high level of cybersecurity for their organisation, it is important to implement a multi-faceted strategy. Having provided IT support for charities for many years, TechQuarters was able to describe to us some of the most important steps to take when building a strong cyber defence.
- Upgrade Technology Solutions – It is an unfortunate fact that technology – especially hardware – can become outdated very quickly. This is because cybersecurity developers are constantly working to improve the standard of security of both hardware and software. If a charity has not upgraded their technology for a few years, this should be their first step.
- Maintain Proper Password Practices – This means no more reusing passwords, and ensuring that all passwords have a high entropy (meaning it would take longer for a brute-force attack to guess the password).
- Keep Networks Protected – A robust firewall should be used to protect company networks. If employees work remotely, they should be using a VPN to add an extra layer of privacy to the network they are using.
- Educate Employees – There really is no substitute for this. All the security solutions in the world can’t protect a charity from reckless behaviour. This means employees need to be careful about clicking on ads and links while browsing the internet. There should also be policies around not sharing company data to personal devices and accounts.