top of page
  • Writer's pictureJared Thompson

3 Step Checklist to Help Charities Stay Secure Online

The last two years have brought on some major challenges for everyone across the charity sector. While so many charities have moved their staff to remote working and become more digitally aware, we sadly face more challenges from online criminals.

Staying secure online should be a priority for every charity. To help you keep on top of important security measures and keep your data out of the hands of hackers. We’ve developed this three-step security checklist to start your cyber security journey and help secure your data.

Privacy Settings

Review your Privacy Settings

This is very important to avoid exposing unnecessary information about you or your charity. It’s prudent to revisit your devices and social media account privacy settings and ensures these settings align with any security & device policies you have in place.

Privacy settings for Devices:

If you've just bought a new device or haven't looked at your security settings for a while, you should take time to ensure you're protected against the latest threats. Fortunately, most manufacturers provide easy-to-use guidance on how to secure your devices.

Privacy settings for Social Media:

gmail screenshot

Keep your email account secure

We found that email account compromise was the most common breach against charities in the North West, and phishing is the most commonly identified cyber attack against charities. So keep your email account secure with the following tips:

  • Make sure you have 2-Step Verification enabled on your accounts.

    • Update your recovery phone number and email address.

  • Ensure you have a strong, unique password on all your email accounts - don’t reuse the same one on multiple accounts!

  • Remove or disable any unused browser extensions.

  • Never give out your passwords - An email provider will never ask for your password in an email, message, or phone call.

  • Check any suspicious emails.

    • Do the email address and sender name match?

    • Are there spelling and grammar errors?

    • Does the email contain a veiled threat that asks you to act urgently?

    • If it sounds too good to be true, it probably is.

    • Forward any suspicious emails to the Suspicious Email Reporting Service (SERS):

Keep devices secure when working from home.

  • Set your updates to install automatically - keep your browser, operating system and apps up-to-date.

    • Remember to remove or disable any unused apps.

  • Make sure you are locking your screens if you are leaving your device left unattended.

  • Keep a backup of any important data in the cloud or use a removable storage device.

💡 Top Tip - When browsing a website, ensure the page is secure by checking that the web address begins with ‘HTTPS’ (‘s’ is for secure) and that there’s a closed padlock in the address bar. This means that the page is secure, but fraudsters could still operate the site.

NWCRC - Charity Checklist 2022
Download PDF • 80KB

Free Membership banner for charities

For further information regarding the help and support we can offer your charity or voluntary organisation, you can view our dedicated page for charities. Don't forget you can sign up for free Membership today, and if you have any questions, contact us today.


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page