The gift of cyber security for charity organisations
4 minute read
Kelsey Smith
November 28th, 2024
*This blog was last updated on December 5th, 2024
Cyber criminals work all year-round, so why do we see such an increase in phishing campaigns over the Christmas period, especially for charity organisations? We explore why the festive season is prime time for cyber attacks and how to protect yourself from getting caught out.
As we quickly approach Christmas, many of us are getting into the festive spirit. But as charities find themselves busier than ever, managing holiday campaigns, supporting communities, and fundraising efforts, this time of year is vulnerable to an increase in successful phishing campaigns. That means that cyber security should remain a top priority.
So, what should you be looking out for over the next few months? And how can you prevent your charity from falling victim to a festive cyber scam?
Phishing campaigns
According to the Cyber Security Breaches Survey 2024, 94% of charities have experienced a phishing attack. Organisations need to be vigilant to phishing campaigns at all times, but as we see more targeted attacks over the festive period, individuals within your organisation are likely to be more frequently exposed due to an increase in attempts.
These attacks usually leverage human habits and behaviours, and as Christmas is a key time for donations and various charity work, threat actors utilise strategies relating to these campaigns to target charities. Think online retailers, delivery companies, and online booking platforms.
These emails can be very convincing and difficult to spot, but the simplest way to reduce your chances of falling victim to cyber crime is to think before you click.
It sounds easy, but taking the time to familiarise yourself with the most common signs of a scam email and properly reading emails before clicking on anything within them is the best way to protect against them.
Most common signs of a phishing email
There are many warnings that can alert you to a phishing attempt, but the most common signs to look out for are:
- Grammar and spelling errors
- Inconsistencies in email addresses, links, and domain names
- Threats or a sense of urgency
- A sense of scarcity (e.g. act now, only five places left). This encourages colleagues to act quickly
- Unusual requests
- Request for credentials, payment information, or other personal details
If you spot any of these in an email that you receive, be cautious. Before you click on anything, verify the request by visiting the sender’s website or contacting them directly (remember to never click on the links within the email, instead, visit the website directly via your browser), and if you’re still unsure, report it to your cyber security or IT team for inspection.
However, as cyber criminals look for new ways to convince you that emails are genuine in the hope that you’ll take action, phishing campaigns are always changing, and emails are becoming more sophisticated. Because of this, you must remain vigilant even when the usual tell-tale signs of a scam aren’t present. If something about an email doesn’t feel quite right, it’s probably because it isn’t and it’s best to approach with caution by flagging it to the relevant team at your organisation.
Password hygiene and multi-factor authentication (MFA)
Password hygiene is a hot topic when it comes to cyber security, and with good reason. A strong, secure password is one of your main defences against cyber criminals accessing your online accounts.
Alongside a solid password, multi-factor authentication (MFA) adds an extra layer of protection. Most modern websites and apps have the option to enable MFA, and where this is available, it is strongly recommended that you do. Once MFA is enabled, even if a hacker does gain access to your passwords, they will find it difficult to get into your accounts without the unique, one-off code generated by MFA, which is usually sent directly to your mobile device and/ or email address for you to confirm.
Protect your reputation
During the festive season, your charity’s reputation becomes a prime target for cyber criminals. Fraudsters may exploit your brand by creating fake donation campaigns or websites, tricking potential donors. This not only diverts funds away from your mission but can also harm the trust you’ve worked to build with supporters.
- Monitor your digital presence regularly, including social media platforms, to identify and report fraudulent activities using your brand
- Use tools like domain monitoring services to identify websites impersonating your organisation
- Communicate with your supporters about how to verify legitimate donation requests and avoid scams
We support organisations of all sizes to identify and manage risks in their cyber security strategy.
We also work closely with the NCVO, and as a Trusted Supplier, we understand the unique challenges faced by charity organisations and their need to protect sensitive data.