What churches and charities can learn from Cybersecurity Awareness Month

We’re more than halfway through Cybersecurity Awareness Month, a global initiative that promotes better cyber awareness among individuals and organisations.

Originating in America and now in its 14th year, the annual campaign aims to provide the latest online security information through awareness-raising activities and sharing best practices.

Throughout the month, businesses and consumers have been taking part in a host of physical and virtual events that explore the latest cybersecurity threats and risks, and how to combat them.

The aim is to equip organisations with greater knowledge of how to protect themselves, their data, and their service users from a wide range of common cyber-attacks and techniques used by hackers and cybercriminals.

Although cybersecurity awareness is at an all-time high thanks, in part, to events like Cybersecurity Awareness Month, many organisations and individuals still aren’t taking sufficient steps to protect themselves. Too many are still falling victim to attacks.

It’s still a common misconception that cybercrime affects only big businesses and large organisations. In reality, SMEs and smaller charities and non-profit organisations make easier targets because they don’t have access to the same security resources and expertise as their larger counterparts.

However, by taking just a few simple steps, SMEs and charitable organisations can build adequate cyber defences that help protect them against the most common threats.

 

What is Cybersecurity Awareness Month?

Many of the UK’s biggest and most well-known charities are run like corporate operations. They benefit from big budgets, can attract the best talent and expertise, and can afford to invest in the latest technologies and innovations.

Unfortunately, many smaller, independent or local charitable organisations – and SMEs – don’t have that luxury.

Many must make do with support from volunteers, have limited technology budgets and lack the skills and expertise to do cybersecurity properly. As a result, they are far more likely to fall victim to a cyberattack.

The realities are stark. A cyberattack or data breach can cause not only financial loss and service downtime but also damage to a business’s or organisation’s brand and reputation.

Cybersecurity Awareness Month was introduced to try to level the playing field and equip smaller businesses and organisations with the same knowledge and expertise that the bigger organisations have access to. It aims to make all users aware of the ongoing security measures they can put in place to protect themselves and the organisations they work for.

 

How can charities improve their cybersecurity?

Solving the cybersecurity challenge can be a tricky conundrum for organisations of all sizes. However, for smaller businesses and charities, the problem can be particularly acute.

Cyber-criminals don’t distinguish between their victims. Because smaller organisations typically don’t have the budget or resources to invest heavily in their cyber defences, they often get caught out.

Hackers view any organisation that has money that can be taken from it as an easy target. So, in reality, all organisations have to do to protect themselves is make themselves a less attractive target.

This means everyone involved, including volunteers, employees, supporters, advisers and trustees, has a role in keeping their organisation safe from cyber threats.

However, building an adequate level of cybersecurity that will make your organisation less vulnerable to hackers doesn’t have to cost the earth.

Some simple steps can be implemented quickly to make your organisation more robust. These include:

 

✅ Data backup

Taking regular backups of your essential data and testing that they can be restored is vital. This will minimise the impact and inconvenience of any data loss from a cybersecurity breach, ransomware attack or a physical event like a fire, flood or power outage.

The first stage is to identify what needs to be backed up, such as documents, emails, contacts, financial records and databases.

You should ensure that the device or server containing your data backup is not permanently connected to the machine holding the original copy, either physically or over a local network.

The most cost-effective way is to back your data up to the cloud, which means your data is safely stored, virtually, and can be accessed quickly from any internet-enabled device.

There are several cloud-based data backup solutions to choose from, and many offer heavily discounted plans to charitable organisations.

AMDH offers a reasonably priced cloud-based backup solution for PCs, laptops and servers. We also have a Microsoft 365 backup solution if you’re storing your data in the cloud already.

 

✅ Device safety

Keeping your charity’s devices – such as desktop computers, laptops, smartphones and tablets – secure and password protected is critical.

Weak device security is a significant vulnerability which cyber-criminals can exploit.

Bear in mind that devices which your users can access outside your normal office environment need even more protection.

So, you should ensure all your devices have PIN or password protection or biometric recognition where appropriate.

Devices should be configured so they can be tracked, locked or wiped remotely if they are lost or stolen.

And you should keep all your devices, software, and applications up to date with the latest versions and upgrade systems that the manufacturer no longer supports.

For antivirus, we recommend using either the Microsoft Defender for Endpoint solution, which integrates into M365, or Bitdefender Small Office Security, which is reasonably priced for small organisations.

 

✅ Password security

Good password security is another crucial element in building an effective cyber defence.

Correctly implemented passwords are a free, easy and effective way of preventing unauthorised people from accessing your devices, networks and data.

Some things to bear in mind include ensuring all your organisation’s devices are encrypted and require a password to decrypt and log in.

As above, implement PIN/password or fingerprint recognition for mobile devices, and use two-factor authentication to protect sensitive apps or data.

Before issuing devices or software to your users, change the manufacturers’ default passwords and encourage your team to avoid using predictable or common passwords that are easy to guess or work out.

There are many free password manager applications available, like LastPass, which make it easy for you and your users to create and store secure and complex passwords. Read our blog about password managers to find out more.

 

✅ Malware protection

There are some low-cost and straightforward techniques you can use to protect your devices and networks from malware.

Antivirus software is often included for free with most popular operating systems and should be used on all computers and laptops.

Most operating systems also include a firewall, so you should make use of this wherever possible.

Keeping your software up to date with the latest security patches and updates is essential, so these should be promptly applied wherever possible.

You should also prevent your users from downloading third-party apps from unknown sources, and control user access to removable media such as SD cards and USB sticks, as staff can unwittingly transfer malware from infected external media into your network.

 

✅ Phishing attacks

Phishing attacks are still commonplace. Scammers send fake emails asking for sensitive information, such as bank details, or try to get recipients to click on links to dodgy websites. When clicked, these links often download malware onto your system.

User awareness is essential here. Your users should be encouraged to check for obvious signs of phishing, like unexpected or unsolicited emails with poor spelling and grammar or low-quality versions of recognisable logos.

Ensure your team don’t browse the web or check emails from an account with administrator privileges. And if you think a phishing attack has caught your organisation out, scan for malware and change passwords as soon as possible to minimise the damage.

 

If you enjoyed this blog and want to learn more about how we can help your charity or non-profit organisation improve its cybersecurity, give us a call on 01332 322588, or fill out our contact form to request a free consultation.
