Is your charity fully protected against cyber-attack?
In the current climate of high profile cyber security breaches, most businesses will be taking steps to secure themselves against attack. However, charities also need to be alert and informed about this threat. Xenace is passionate about working with charities, we already work closely with a number of charities and we have staff with 30 years’ experience in the charity sector. Cyber security breaches can be fatal to any business, so when this sort of attack happens to charities it is even more distressing.
Why could charities be vulnerable to attack?
• Casual employees
With the employment of many volunteers who work on a more casual basis, it is more difficult for charities to ensure that everyone has the same high level of online security training. This is essential training for all employees, it only takes one employee clicking on one unsafe link for hackers to be able to access all your data.
• Non-Regulated IT Support
If your charity does not have a regular IT support system in place, this most likely means that you will not have regular internal security and data checks to keep all your technology updated and regulated. This is imperative as a process to catch any security breach at its earliest point and prevent any serious damage to your systems.
• Frequent use of e-mail and social media
In the 21st century, any charity is going to be dependent on e-mails, internet and social media. With this comes a high risk of a security breach as phishing and suspicious links are most commonly found in e-mails and on social media. Also, if payments are being made over e-mail this needs to be heavily secured as hackers can send e-mails which appear to be from a company you regularly work with or even to look like it was a transfer with an internal colleague in order to access your details.
What you can do to make your charity more secure
- Staff Awareness
Developing and regulating your staff and volunteers' cyber security training and knowledge is the best way to prevent a cyber attack. Xenace are currently developing a new phishing awareness product. The service provides an independent assessment of employee susceptibility to phishing e-mails and benchmarks your security awareness as a company. After conducting this test, we advise enrolling all your staff and volunteers on our to reduce the likelihood of falling victim to cyber threats by helping everyone to understand how phishing works, the consequences of a successful attack and how to identify and respond to malicious messages. If you want to find out more you can get in touch with us or simply e-mail firstname.lastname@example.org to register your interest. Keep in mind that, as with all our services, we will have a preferential discount for charities.
- Security Software
Regular software updates, up to date antivirus protection and backups of your data should be a high priority for your business. Security software is also something that we can provide and maintain: our hosted virtual desktops are encrypted using the highest possible security levels, ensuring members of staff can work on documents and files without any safety concerns. As part of Xenace's managed security services, we are now offering customers an extra layer of protection against modern malware in the form of Bitdefender GravityZone. Your security, like all our services, can be tailor-made to suit your needs. This is something we would assess in order to advise you what package best fits you as an individual charity.
- Shared information
Any information that you publicly share online is what hackers will use to find out as much about you and who you deal with as they can. This enables them to pose as someone internal or a company that you do business with. Therefore it is imperative that you are knowledgeable about how much you are currently sharing and how much you should be sharing. We can advise you how much about your charity you should be sharing online.
- Payment regulations
Finally, any payment made or any payment information that is given over e-mail needs to be given at least a two-step approval. Payee details need to be thoroughly checked to make sure they are legitimate, and two employees including one senior must check the e-mail before giving away any personal details. Phishing attacks are getting more and more intelligent and it is very difficult for anyone to spot a suspicious email from a legitimate one without a high level of training.
If you are reading this and have any concerns that any of these areas are not covered, please get in touch. We would be more than happy to carry out a full assessment of your security to let you know if there are areas that require more attention. If you are also interested in the phishing training that we are launching soon, please register your interest by e-mailing email@example.com and we will be in touch with more information very soon.