Cybersecurity – not just for our corporate counterparts


Cybersecurity is on the minds of Australians given the recent breaches of AHM, Medibank, and Optus data. In our sector, Blackbaud paid a ransom and faces lawsuits filed by multiple customers due to a data breach in May 2020.

According to a recent article published in UK Fundraising, 1 in 8 charities have been affected by cybercrime in the past 12 months.

How secure is your organisation? A UK Charity Commission survey suggested the most common types of attacks were phishing and impersonation, both of which can put personal data at risk.

The survey, conducted by IFF Research in October 2022, showed 2,330 charities in England and Wales underreport incidents, with only 34% of affected charities reporting breaches.

Australian Charities and Not-for-Profits Commission (ACNC) White Paper

Every organisation has a duty to ensure cybersecurity. These and other actions can help ensure your organisation is as secure as possible. The Australian Charities and Not-for-Profits Commission (ACNC) published a white paper focused on cybersecurity, which suggests real potential issues for each of our organisations if we do not mitigate risk. Those issues include:

  • loss of crucial information
  • disruption to services
  • unauthorised changes to your charity’s information and systems
  • expensive costs to restore data and services
  • costs of notification and investigation (including legal costs)
  • costs arising from the attack itself (for example, extortion or ransomware)
  • regulatory action and penalties
  • loss of trust and reputation

According to the Identity Theft Resource Center, the information exposed in the Blackbaud breach included Social Security numbers, driver’s license numbers, passport numbers, personal health information (PHI), financial information, credit card information, telephone numbers, email addresses, dates of birth, mailing addresses, phone numbers, student I.D. numbers, biographical information, donation dates, donation amounts and other donor profile information. Blackbaud is calling this a security incident.

The Charity Commission in the UK has suggested a stronger use of two-factor authentication, which is something most CRM suppliers are requiring of their customers. Further, the Commission suggests:

  • updating training and policies
  • backing up data using cloud services
  • ensuring the latest version of antivirus and other software is used

The ACNC recommends four steps to prevent cybersecurity incidents:

  • identify and assess the risks
  • prevent incidents and mitigate risks
  • engage people in the charity, and even third parties, to help manage risks
  • take action when concerns, suspicion or complaints arise

What is your organisation doing to mitigate the risks of a cyberattack? Are your suppliers mitigating similar risks? Your organisation and its suppliers have responsibilities to your supporters. Together you can create a ring around your data and your systems.