Why your charity is a great target for cybercriminals

You are doing a great job.   You manage, support a small charity, not for profit organisation and love what you do.

Your primary focus is to get as much done for your charity.   It could be donations, volunteers or grants but all for your primary charity focus.

Your whole role is to make sure that as much money goes through to the people in need.

Now I want you to step back and answer a couple of questions.

  • What would happen to all those good intentions if you got hacked?
  • How many of your supporters would you lose if you got hacked?
  • What would happen to your reputation if you got hacked?

But, it would not happen to you, would it?

Let me tell you a not so secret secret!

You are a target!

Maybe not a target of a full-blown black hat attack but you are a target none the less.  The analogy that I use is “what is the chance that a black belt martial arts person is going to beat you up?” Probably very remote!

When it comes to a cyber event, the black hat attacker is not the problem.

The problem is the hugely available and easy to use automated systems that are available for any person with an inclination to use them.

These automated systems create malware, deliver it, track it, monitor it, manage the stages of an attack and manage and control the money being made.   All a “ hacker” has to do is be willing and ethically capable and pull that trigger.

The risk to your charity organisation is significant.

Our attitude to the digital world as it is just a tool and anyone can use it is having a huge negative impact on business because it is not.

I can guarantee that your charity has a board, it has used a legal company for the structure and has an accountant to look at the books, but the most essential component of the organisation is what you put into the digital world.

From desktop computers to smart devices and cloud-based systems and services, the digital world is all around us.

We treat it like the normal world, that is bad.   Theft in the real world is seen and actioned, in the digital world, it is not.   I could have access to all of your data and you may not even know it is happening.

You need to talk to a MBSSP to bring your organisation to a level where your business security will protect the organistion, the data, the users but most importantly your clients, volunteers and supporters.

Without them you cannot function as a charity, and all your good intentions will disappear.

The best way to find out how vulnerable to a cyber event your organisation is.   Use the CareMIT Digital Diagnostic Tool or come to one of our regular quarterly “Security Board Meetings

Business Security – Don’t do it yourself!

When it comes to business security, most people think that it is a no brainer!

Delegate to the IT department and it is done.

If you want to be a target, maybe get your 2 minutes of fame on the nightly news and want a cyber event to impact your reputation, finances, operations, and legal capability then, by all means, ask the IT department.
Business security is all about the business.   Yes technology and the IT department are a component but they are not the most important component of the requirements to secure the organisation

Business security starts at the top.   Board Members, managers, and owners are required to look at the business and work out where an attack could come from, calculate the destructive effects, mitigate those effects and then implement protective strategies to cover those attacks.

This is very hard to do when your expertise is based on your core business.   Your core business could be anything – legal, finance, manufacturing or even charity based.   You are good at what you do, that means that you are not the best at understanding the problems associated with business security.

This is when you need the Board, management, and owners to look outside their organisations, to people and organisations that focus on business security.   Business security is their core business!

From a management perspective, business security is all about risk.   Risk assessment, risk management and then risk reduction.   Your organisation has to have an understanding of their risk appetite before they can implement change and reduce those risks.

Business today is wholly dependent on the digital.  We would not be able to do business without it.    Each of those digital components has a risk factor requirement.   Do you know what they are?

A business security risk assessment is the first step in Business security.

The best way to find out how vulnerable to a cyber event your organisation is.   Use the CareMIT Digital Diagnostic Tool or come to one of our regular quarterly “Security Board Meetings“.