  • Jared Thompson

Don't give cybercriminals a spare rod and bait to reel in your charity's data

By their very nature, charities hold a huge amount of information that is attractive to hackers. The information held by charities often includes personal, sensitive, and financial data that, when in the hands of cybercriminals, can be sold, held to ransom, or used to steal funds.

Cybercriminals often get hold of this information via malware infiltration on a computer system or electronic devices such as smartphones or tablets. Malware is software that is specifically designed to disrupt, damage, or gain unauthorised access to a computer system or device.

Ransomware is a type of malware that is designed to block access to a computer system until a sum of money is paid. If your charity fell victim to a ransomware attack, the cybercriminals behind it would threaten to publish your charity's data or perpetually block access to it unless a ransom is paid. Even if the ransom is paid, there is no guarantee that the data will ever be returned to you.

Beware of Phishing Attacks

Another method that cybercriminals use to obtain information is phishing, not to be confused with fishing, where you stand on a riverbank with bait and a rod. However, the principle of hooking something valuable still applies.

The Cyber Security Breaches Survey for 2023 revealed that phishing is the most commonly identified cyber-attack against charities. Among the 24% of charities identifying any breaches or attacks, 85% had phishing attacks, and 7% had viruses (including spyware or malware).

Phishing is when your employees are contacted by email, telephone or SMS by cybercriminals posing as legitimate persons or organisations. The fraudulent company or individual will lure employees into providing sensitive data such as personal information, banking and credit card details, and passwords.

Examples of typical phishing emails include Dropbox, PayPal and Office 365 scams.

Want to build resilience in your staff to phishing emails? A Simulated Phishing Exercise can test your staff members to see if they can spot warning signs and red flags and then follow the correct procedures to deal with the phishing email.

The NCSC's guidance for charities

The NCSC's guidance for charities will help you take action to protect your charity from malware attacks. Here are some basics you can action today to get things started:

  1. First, ensure you are backing up your data correctly on an external drive or the cloud and have an Incident Response Plan in place.

  2. Protecting your organisation against malware - ensure your anti-virus software is updated regularly.

  3. Keep any devices used by your employees secure with passwords and passcodes.

  4. Creating strong passwords - A good way to create a strong and memorable password is to use three random words. Symbols and numbers can still be used if needed, for example, 7blueradioelephants!

  5. Defend your organisation against phishing emails and test your staff's resilience through a simulated phishing exercise.

For further information regarding the help and support we can offer your charity or voluntary organisation, you can view our dedicated page for charities.

How can we support your business?

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and receive an assessment of your cyber risk.