Spies step in to stop charities being fleeced by hackers after non-profit has £13k drained from its account
The National Cyber Security Centre has warned charities to be more careful about protecting their systems
SPOOKS have been forced to step in to stop charities losing thousands of pounds to hackers after it emerged one UK charity lost £13,000 in one lump sum.
The National Cyber Security Centre also warned that charities are failing to keep people’s personal data and payment information safe from online attacks.
Intelligence chiefs said charities’ culture of openness makes small charities more vulnerable to cyber fraud and extortion.
This had left them to fall victim to a range of malicious activity - but the problem could be even greater because of under-reporting, spy bosses said.
The warnings came in an NCSC report detailing the cyber threat to the sector for the first time.
Fraud aimed at tricking employees with financial authority into transferring money is increasing, according to the report.
In one shocking example, a charity lost £13,000 after the chief executive’s emails were hacked and a fraudulent message sent to its financial manager with instructions to release the funds.
The report said: “The NCSC believe there is considerable variation in charities’ understanding, approach to and application of cyber security.
“Some charities are aware their data is sensitive, valuable and vulnerable to malicious cyber activity.
“We believe many, particularly smaller charities, do not realise this and do not perceive themselves as targets.”
The study warned that data containing personal details and financial information are an attractive target for criminals.
It said: “Charity datasets may contain personally identifiable information of donors, trustees, patrons, partners, paid staff and volunteers.
“Some large charities hold several million donor records. The data may also include payment details relating to donations including card details.”
While cyber criminals are assessed as posing the greatest threat to the sector, charities are also seen as potentially attractive targets for nation states who “oppose or mistrust their activity”.
Alongside the threat assessment, the NCSC has published a guide outlining steps charities should follow to guard against attacks.
They include advice on passwords, backing up data and protecting systems from malware.
NCSC director for engagement Alison Whitney said: “Cyber attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat.
“That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets and reputation.”
MOST READ IN POLITICS
Helen Stephenson, chief executive of the Charity Commission for England and Wales, said: “Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber-crime for criminal purposes or personal gain is particularly damaging and shocking.
“The threat assessment confirms what we often see in our casework - unfortunately charities are not immune to fraud and cyber-crime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.”
Nearly 200,000 charities are registered in the UK.