Charity begins at home working

As COVID-19 impacts us all in ways that we perhaps hadn’t imagined before, it’s true to say we are certainly living in uncertain times.

From social isolation to social distancing, our lives have changed quite dramatically in a very short space of time. First to be impacted/restricted were large gatherings, which meant football matches and concerts were suddenly and abruptly stopped. Next came the closure of pubs, clubs and restaurants. Finally; self-isolation.

The impact is dramatic, and profound. Everyone from venue owners to taxi drivers have been affected, but perhaps the lesser known or considered impact is on the Charity sector.

Charities rely on large swathes of people coming together to support a common cause. I’m not talking about the local football team, I’m talking about the fight against cancer, heart disease, mental health issues, environmental issues, and countless other issues which rely heavily on donations from the general public.

Charities the world all over have long relied on sporting events and gatherings of all kinds to raise much needed money to fund their campaigns and research. But within weeks, community events, marathons and fun runs were cancelled, or postponed.

Don’t let money fall through the gaps

Raising money therefore has become a very real challenge over recent weeks, especially as teams are now isolated, and disconnected.

How charities will be able to survive over the coming weeks and months is yet to be fully understood, but one thing is for certain; We must be careful where we focus our resources now, more than ever.

Cybercriminals rely on organisations having ‘gaps’ in their thinking around security, but also gaps in processes. At a time where we are increasingly isolated, the gaps have never been wider. The Finance Controller isn’t just down the hall, or across the room. You need to pick up the phone, or send an email to check that the email you’ve received from them is truly from them, and not someone who has spoofed their email address.

Security in insecure times

Gaining support from people during these difficult times is going to be challenging but not impossible. People are still caring and want to donate, so I don’t think this will be an issue for the foreseeable future. Of course the loss of revenue from larger events is going to cause a sharp drop in donations, but survival is possible – but only if we’re able to keep the lights on during these dark times.

Unfortunately, we’re seeing the dark elements of society seeing this current crisis as a major opportunity to make money out of the social distancing and isolation people are being forced to endure.

Cybercriminals still want access to you bank accounts, your records or simply to blackmail you. 

Please Give Generously

It was revealed in a report by the Department for Digital, Culture, Media and Sport that 22% of charities were subject to a breach or attack in 2018, and just over half of respondents identified cybersecurity as a key priority. However almost three quarters said they hadn’t invested in cybersecurity in the last 12mths, with 81% of these charities victims of Phishing attacks.

This is now on the increase. Already we’re seeing a spike in Phishing and Smishing attacks focused on COVID-19. These Phishing and text based Smishing attacks include official-looking messages purporting to come from the Government offering financial relief to businesses (and charities) and offers from stores to ‘fast track’ people’s home deliveries. Other messages include Government warnings that you’ve been spotted outside the house more than the allotted time, and therefore are receiving an instant fine. All you need to do is ‘click this link’ to discuss this further, or pay now.

Not Victim Blaming

For any organisation to be affected by a Data breach and/or a cyber attack, is a terrible thing.  But it is particularly distasteful when it affects charitable organisations. But the sad fact of the matter is this; To the cyber criminal you are just like anyone else. Cyber criminals simply don’t care who they target. 

They will always go for the ‘low hanging fruit’, and Charities aren’t helping themselves when it is revealed in the same report that just over half of respondents identified cybersecurity as a key priority, but almost three quarters said they hadn’t invested in cybersecurity.

Now with a workforce operating remotely, using devices that perhaps aren’t as up to date as they should be (some people are sharing their devices with their children), the cyber criminals are going into overdrive in an attempt to extract even more money from all of us.

Cybercrime 2.0

What many people fail to appreciate is that cyber criminals are not just ‘teen hackers’ in their bedrooms carrying out attacks, in a cunning game of skills. Quite often these are highly organised gangs using sophisticated tools to carry out their attacks on those who are weak and ill prepared. Their ‘business model’ relies on organisations not having the basic safeguards in place but having access to lots of money.

They rely on organisations who haven’t invested in cybersecurity but do have high levels of transient staff (lack of training = less aware).

Cybercriminals may be a lot of things, but they’re not stupid. They know how to identify an easy target and how to exploit the situation we’re all facing. They’re on the look-out for anyone who displays a weakness, and then they’ll exploit it. Sorry, but they don’t care if your charity is for the homeless, the sick and needy or for your favourite type of animal. All they care about is how they can separate you from your money.

What to do?

If you are a Charity you need to recognise (if you didn’t already) that you are a business. Yes you are there to raise money for a worthy cause, but you are still a business. Therefore, you are a target of cyber criminals.

What you need to do is recognise that you need to take precautions and ensure all the money you raise is wisely spent on the important things. 

You need to close the gaps. This is a time for all of us to work together, but your team needs to quite literally ‘pull together’, so there are no gaps in your processes.

One way to do this is to think of cybersecurity as a business risk, not an IT issue. You should consider where your gaps are in relation to;

• People
• Premises
• Processes
• PCs
• Providers

Charity begins at home working

I’m not going to go through each of these areas here (as that would make this a VERY long blog!) but I will be covering the other aspects of cyber security in a webinar. In that webinar I’ll share insights into what you can do to make your Charity more robust and secure, in these challenging times.

But if there is one piece of advice I would offer it is this; It is often said that people are your biggest weakness. This is not true. They are your greatest asset, so you should…

1. Communicate with them.
2. Train them.
3. Educate them.

They are working from home and in an environment that you are most likely unfamiliar with.  There are threats from cyber criminals yes, but also from the house pet (cat, dog, budgie?!) who may knock over a drink on that expensive laptop you just bought! 

Working securely at home isn’t just about thinking about the external threats, it’s considering the three-year old ’threat’ sat in the front room watching CBEEBIES!

Yes, people do silly things sometimes and ‘Insider Threats’ are a real issue. But having good policies, and practices in place, and training and educating your staff will build a workforce that becomes your first and last line of defence.

Don’t rely solely on technology to protect you, because your technology can let you down when you need it most. If you educate your staff, they are less likely to let you down.

Conclusion

Cybersecurity is not a ‘Fun Run’. It takes commitment and it takes investment. Spending money on Cybersecurity is an investment, not a cost. Don’t use this crisis as an excuse to drop your guard. There’s simply no excuse for poor Cybersecurity.

Find the gaps and don’t let the bad guys in, because when I’m giving to Charity I like to think it is going to a good cause. Not a bad excuse.