The Charity Commission is warning charities against the risk of online fraud, as a new survey found around one in eight charities (12%) had experienced cybercrime in the previous 12 months.
This follows earlier findings indicating that the pandemic prompted increasing numbers of charities to move to digital fundraising and operating, exposing them to the risk of cybercrime.
Most concerningly, the survey highlighted a potential lack of awareness of the risks facing charities online, with just over 24% having a formal policy in place to manage the risk. Similarly, only around half (55%) of charities reported that cyber security was a fairly or very high priority in their organisation.
The warning came ahead of last month’s Charity Fraud Awareness Week. The campaign raises awareness of fraud and cybercrime and brings the charity sector together to share knowledge, expertise and good practice. It is run by the Charity Commission and the Fraud Advisory Panel and a partnership of charities, NGOs, regulators, law enforcers, and other not-for-profit stakeholders.
The Charity Commission’s new survey explored charities’ experiences of online cyber-attack. It found that over half of charities (51%) held electronic records on their customers, while 37% enabled people to donate online. A greater digital footprint increases a charity’s vulnerability. The most common types of attacks experienced were phishing and impersonation (where others impersonate the organization in emails or online). For both attacks personal data is often at risk.
There are lots of simple steps that can be taken to protect against cyber harms including changing passwords regularly, using strong passwords and two factor authentication, updating training and policies, making back-ups of your data using the cloud and making sure antivirus and all other software is patched to the latest version. Many useful tools and resources will be available to help charities reduce their vulnerability to these crimes throughout Charity Fraud Awareness Week.
The survey also confirmed that there is an under-reporting of incidents when they do occur, with only a third (34%) of affected charities reporting breaches. It’s important that charities get in touch with the Commission where there has been a serious incident, even where there may be no regulatory role for the Commission. This helps the regulator to identify trends and patterns and help prevent others from falling victim to fraud.
Amie McWilliam-Reynolds, Assistant Director Intelligence and Tasking, from the Charity Commission said:
Online financial transactions, and online working generally, present a great opportunity for charities – whether in engaging supporters, raising funds, and streamlining their operations. This was demonstrated in particular during the pandemic, when the longer-term move away from cash to online fundraising accelerated. But online financial transactions and the collection and storage of personal data also harbour risk, and we are concerned that some charities may be underestimating that risk, and are therefore exposing their charity to potential fraud.
We hope that projects like Charity Fraud Awareness Week help raise awareness among trustees and charity staff of the risks they may face, and of the advice and guidance available to support them in protecting their charity from fraud.
Preventing and tackling fraud is not a ‘nice to have’. It is vital that every penny given to charity makes a positive difference, especially during these straitened times, when donors, charities, and those they support face mounting financial pressures.
Sir David Green CB KC from the Fraud Advisory Panel said:
Fraud is the UK’s most commonly experienced crime and much of it is committed online. Therefore, it is essential that charities take the security of their systems, information, people and money seriously. Simple cyber security measures can make a big difference which is why we’ve collaborated with UK police forces to offer a series of free cyber-security focussed events during this year’s awareness week.” Charity Fraud Awareness Week 2022 will feature online events, talks and useful advice from anti-fraud experts, designed to help the third sector and charitable organisations tackle the problem of fraud and cybercrime.