Summary
Cyber security for charities and not-for-profits
The Australian Signals Directorate has released a guide for charities and not-for-profits to avoid common cyber threats and protect their mission.
Cyber security is essential for all charities and not-for-profit organisations.
Cyber threats are on the rise in Australia, with charities and not-for-profits prime targets for cybercriminals. In the 2022-23 financial year, ASD received nearly 94,000 cybercrime reports. This averages to one report every 6 minutes.
The effects of a cyber security incident can be devastating and could include:
- financial loss
- data breaches
- reputational damage
- loss of trust from donors and beneficiaries
- harm to the communities you serve.
Key cyber threats
Phishing
Phishing is a common cyber threat to charities and not-for-profits. Cybercriminals will impersonate an individual or organisation using emails or messages. They will try to trick the recipient into sharing sensitive information or downloading malicious software.
To prevent phishing attacks, train staff on how to recognise scam emails and use multi-factor authentication.
Business Email Compromise
Business email compromise is when a cybercriminal pretends to be someone who represents a company. They may do this by using hacked email accounts or creating domain names that look real. Usually, the goal is to trick victims into sending funds to a bank account they control.
Staff should be wary of requests to make urgent payments or change bank account details. Verify these requests by contacting the sender in another way, for example over the phone or face-to-face.
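One way to support that out-of-band check, as an added example that is not part of the ASD guide: a small Python filter that flags sender domains resembling the charity's own domain or a known supplier's, the lookalike-domain trick described above. The trusted domains and From: addresses below are constructed sample data.

```python
from typing import Dict, Iterable, Optional

# Sequences commonly swapped in lookalike domains; folded before comparing ("rn" -> "m").
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]

def normalise(domain: str) -> str:
    """Lowercase, drop a trailing dot and fold confusable characters."""
    d = domain.strip().lower().rstrip(".")
    for seq, repl in CONFUSABLES:
        d = d.replace(seq, repl)
    return d

def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(sender_domain: str, trusted: Iterable[str], max_distance: int = 2) -> Optional[str]:
    """Trusted domain that sender_domain imitates, or None if genuine or unrelated.
    Flags small edits, confusable characters and a trusted name buried in a longer domain."""
    raw = sender_domain.strip().lower().rstrip(".")
    trusted = [t.lower() for t in trusted]
    if raw in trusted or any(raw.endswith("." + t) for t in trusted):
        return None  # the trusted domain itself, or a subdomain of it
    s = normalise(raw)
    for t in trusted:
        tn = normalise(t)
        if tn in s or levenshtein(s, tn) <= max_distance:
            return t
    return None

def flag_senders(addresses: Iterable[str], trusted: Iterable[str]) -> Dict[str, str]:
    """Map each From: address whose domain imitates a trusted domain to that domain."""
    trusted = list(trusted)
    flagged: Dict[str, str] = {}
    for addr in addresses:
        hit = lookalike_of(addr.rsplit("@", 1)[-1], trusted)
        if hit:
            flagged[addr] = hit
    return flagged

# Constructed sample data (not from the guide): the charity's own domain,
# one supplier, and From: addresses of a morning's payment requests.
TRUSTED = ["charity.org.au", "supplier.example"]
SAMPLE_FROM = ["finance@charity.org.au", "ceo@charlty.org.au", "accounts@rncharity.org.au",
               "pay@charity.org.au.example.net", "news@unrelated.example"]
```

Anything `flag_senders` returns is a prompt to verify the request by phone or in person before changing bank details or paying; a clean result is not proof the message is genuine, since a hacked real account passes this check.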
Ransomware
Ransomware works by locking or encrypting your files so you can no longer access them. Cybercriminals demand a ransom, usually in the form of cryptocurrency, to restore access to the files. They may also threaten to publish or sell data online, unless you pay the ransom.
To prevent and mitigate these attacks, follow our advice to protect yourself from ransomware. This includes backing up important data and securing servers on the network.
Top cyber security tips for charities and not-for-profits
- Turn on multi-factor authentication where possible.
- Check automatic updates are on and install updates as soon as possible.
- Back up important files and device configurations often. Test your backups on a regular basis.
- Use a reputable password manager to create strong, unique passwords or passphrases for your accounts.
- Provide cyber security training, particularly on how to recognise scams and phishing attempts.
- Use access controls and review them often so staff can only access what they need for their duties. This will reduce potential damage caused by malware or unauthorised access to systems.
- Use only reputable and secure cloud services and managed service providers.
- Test cyber security detection, incident response, business continuity and disaster recovery plans often.
- Review the cyber security posture of remote workers and connections. Make sure staff are aware of secure ways to work remotely such as not accessing sensitive information in public.
- Report a cybercrime, incident or vulnerability to protect yourself from further harm.
- Join ASD’s Cyber Security Partnership Program as a business or network partner. This free program provides advice and insights on the cyber security landscape.
Protecting your charity or not-for-profit from cyber attacks is an ongoing process. Review your cyber security regularly to strengthen your charity’s resilience. Seek help from an IT professional if you are unsure.