Charities and non-profits are the good guys, right? Even cyber criminals – with their broken moral compasses – know that and focus their attention on other quarry.
You’d think.
And you’d think wrong.
The sad truth is charities are not off limits to hackers. On the contrary, with their limited resources, charity cyber security is notoriously weak and not for profits are often seen as easy pickings. According to a 2022 survey, 30% identified a cyber attack in the last 12 months. And the notorious 2017 Wannacry ransomware attack (more on that later) proved nothing is sacred. It demanded ransoms from thousands of NHS hospitals and surgeries.
The NHS. Really? How low can they go?
This is a rhetorical question. The answer is very, very low.
Why Charities and Non-Profits are so Vulnerable
Now we’ve established that the criminals will go there, it’s worth pointing out that non-profits are particularly vulnerable to attack.
There are many reasons why charity cyber security is commonly sub-par. The government’s National Cyber Security Centre (NCSC) points out a few:
- Charities are reluctant to spend significantly on anything but frontline work. In other words, they feel dutybound to focus their spend on charitable activities.
- They have more part-time staff than for-profit organisations, which makes it harder to get people on board with cyber security.
- They have limited funds and believe that adequate cyber security is not within their budgets.
What the NCSC Says Charities Should do to Protect their IT
The NCSC has acknowledged the charity cyber security problem by publishing a very useful leaflet giving solid advice on shoring up your defences. We’d highly recommend you read it. Broadly it covers:
Data back-up – to minimise the effect of any data loss or ransomware.
Keeping devices safe – PIN and password protection, remote wiping of stolen devices, keeping devices up to date, and avoiding public Wi-Fi.
Preventing malware damage – by using antivirus software, patches, and firewalls; and prohibiting the use of non-approved external USBs.
Avoiding phishing attacks – by scanning for malware, regularly changing passwords and educating users.
Using passwords to protect data – specifically by implementing 2FA and avoiding predictable passwords.
This is great advice. However, before you roll up your sleeves and start devising a plan, we recommend one simple action. It will have a major impact on your ability to repel the bad guys because it will do much of the above in one hit.
What Intersys Says You Should do to Protect Your IT
Before revealing our number one suggestion, a note on our credentials. We are a dedicated cyber security provider with decades of experience in the not-for-profit sector. We have worked with: prestigious international development charities, SEN schools, housing associations; and many more not-for-profit and charity sector bodies.
In our work, one major flaw that we come across again and again in charity cyber security is this: the use of outdated, end-of-life Microsoft software such as Office 365.
It’s understandable. Charities may hang on to older tech because they think they can’t afford to update it, or because they like it and fear change. But end-of-life software receives zero security updates, bug fixes, patches or monitoring. It is extremely vulnerable.
A case in point: the WannaCry NHS attack referenced at the top of this article was due to an out-of-date Microsoft Windows operating system.
So, our top suggestion is this: you can and should improve charity cyber security rapidly by implementing up-to-date Microsoft software.
However, our partners at Microsoft tell us there are still thousands of charities who are using the old Office 365 instead of the new Microsoft 365.
Microsoft Discounts for Charities
Yes, but we don’t have the resources to update our OS,’ you might reasonably say.
Fortunately, this obstacle can almost certainly be overcome. Microsoft offers great value packages for charities. Its not-for-profit Technology for Social Impact (TSI) programme runs many offers for non-profits including:
- Microsoft 365 Business Premium free for up to 10 users and discounts for 11+ users
- credits on Azure and other cloud services
- help with modernising financial systems and business processes
Intersys is a Microsoft Modern Workplace partner working with Microsoft TSI. We can help you access these deals and implement new, robust, technology that will repel attacks – at a cost that fits in with the reality of running a charity.
In fact, we will soon be running a webinar exclusively for charities who are running end-of-life Microsoft licenses. Register your interest for the event here and you could get Microsoft discounts as well as the latest security advice to keep your non-profit cyber secure.
So listen to the NCSC advice, because it’s sound advice. But if you want to get started with ramping up your charity cyber security quickly (and you should), upgrade your Microsoft software now.
Get in touch and we’ll let you know what deals may be available to your not-for-profit now.