In today’s interconnected world, where digital transformation has become the norm, cyber security is no longer just a concern for big corporations or government entities.
Charities and not-for-profit organisations in Australia are also prime targets for cyber threats. These organisations, often driven by altruistic missions, handle sensitive data such as donor information, financial records, and beneficiary details.
Your Web Presence has helped establish and maintain the online presence of a number of charities or not-for-profit organisations.
We know that as stewards of trust and goodwill, it is imperative for these organisations to prioritise cyber security to safeguard their operations and protect the interests of their supporters and beneficiaries.
Understanding the Landscape of Cyber Threats
Cyber threats for charities and not-for-profits are on the rise.
In the 2022-23 financial year, the Australian Signals Directorate received nearly 94,000 cybercrime reports.
This averages to one report every 6 minutes!
The key cyber threats include:
- Phishing attacks – Cyber criminals will impersonate an individual or organisation using emails or messages. They will try to trick the recipient into sharing sensitive information or downloading malicious software.
- Business Email Compromise – when a cyber criminal pretends to be someone who represents a company. They may do this by using hacked email accounts or creating domain names that look real. Usually, the goal is to trick victims into sending funds to a bank account they control.
- Ransomware – when cyber criminals lock or encrypt your files so you can no longer access them. They can demand a ransom, usually in the form of cryptocurrency, to restore access to the files. They may also threaten to publish or sell data online unless you pay the ransom.
The consequences of these threats can be severe. They can impact the organisation’s reputation, financial stability, data, and ability to carry out its mission effectively, causing harm to the communities they serve.
Regulatory Framework and Compliance Standards
Navigating the regulatory landscape is essential for ensuring compliance with laws and standards governing cyber security.
In Australia, organisations must adhere to regulations such as the Notifiable Data Breaches (NDB) scheme and the Australian Privacy Principles (APPs).
Organisations must also adhere to the Australian Charities and Not-for-Profits Commission (ACNC) Governance Standards.
Unique Challenges Faced by Charities and Not-for-Profits
Limited budgets and resources pose significant challenges for charities and not-for-profits in implementing comprehensive cyber security measures. Additionally, reliance on volunteers and staff members who may lack adequate training in cyber security exacerbates the risk profile of these organisations.
Implementing Best Practices for Cyber Security
Despite resource constraints, there are practical steps that charities and not-for-profits can take to enhance their cyber security posture.
These tips have been provided by the Australian Cyber Security Centre (ACSC):
- Turn on multi-factor authentication where possible.
- Check automatic updates are on and install updates as soon as possible.
- Back up important files and device configurations often. Test your backups on a regular basis.
- Use a reputable password manager to create strong, unique passwords or passphrases for your accounts.
- Provide cyber security training, particularly on how to recognise scams and phishing attempts.
- Use access controls and review them often so staff can only access what they need for their duties. This will reduce potential damage caused by malware or unauthorised access to systems.
- Use only reputable and secure cloud services and managed service providers.
- Test cyber security detection, incident response, business continuity and disaster recovery plans often.
- Review the cyber security posture of remote workers and connections. Make sure staff are aware of secure ways to work remotely such as not accessing sensitive information in public.
- Use secure online donation platforms and payment processing systems. Ensure your platform is secured to protect donor information and financial transactions. Using reputable third-party payment processors and implementing secure encryption protocols are critical steps in safeguarding online donations.
- Report a cybercrime, incident or vulnerability to protect yourself from further harm.
- Join ASD’s Cyber Security Partnership Program as a business or network partner. This free program provides advice and insights on the cyber security landscape.
The Importance of Collaboration and Partnerships
Collaborating with other organisations, government agencies, and cyber security experts is essential for sharing information and resources to combat cyber threats effectively.
We strongly recommend becoming a partner in the Australian Signals Directorate’s Cyber Security Partnership Program. Their program enables Australian organisations and individuals to engage with the ASD’s Australian Cyber Security Centre and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.
Embracing Continuous Cyber Security Improvement
Cyber security is an ongoing process that requires continuous monitoring, evaluation, and improvement. Staying informed about emerging threats and technologies enables organisations to adapt and strengthen their cyber security defences over time.
Cyber security is not a luxury but a necessity for charities and not-for-profit organisations in Australia.
By prioritising cyber security and implementing best practices, these organisations can safeguard the heart of giving, protecting their supporters, beneficiaries, and missions from the ever-evolving landscape of cyber threats.
Australian Government Cyber Safety Resources for Charities and Not-For-Profit Organisations
- Australian Signals Directorate (ASD) Cyber Security for Charities and Not-For-Profits – Tips to avoid common cyber threats
- Essential Eight – This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.
- ACNC Governance Toolkit: Cyber Security
- ASD Education Pack for Small Businesses
- ASD Cyber security checklist for small businesses
- Have You Been Hacked? Find out what to do if you think you’re the victim of a cybercrime.
We make huge efforts to ensure that our data is stored locally, in Australia, and our security measures are constantly being checked, updated or changed to ensure our clients can continue their work while remaining safe and protected online.
If you’re concerned about the security measures that your organisation has in place online, please get in touch with us.
How confident are you that your business/organisation is protected from cyber threats? What’s your top tip or a great resource you can pass on? Leave a comment below.