Posted on 23rd October 2018

11 practical tips to avoid charity cybercrime

Back to blog

Organisations large and small still struggle to keep up with the pace of technology. But tech is integral to our lives and criminals are more than happy to exploit vulnerabilities in both our professional and personal lives.

In this article we run through 11 quick and practical tips to protect your charity from cyber crime and digital fraud.

  1. Ensure all your organisation’s devices run antivirus and malware software. AVG is a great, free option for both Mac and PC.
  2. Conduct a password audit every 6 months and change the passwords to your most important accounts. Use a tool like Strong Password Generator and keep the passwords noted down in a secure location.
  3. Keep software up to date. This includes software on your computers, mobile devices and the software powering your website (i.e. WordPress). Updates often fix security exploits so this is crucial to protecting your charity from fraud and other attacks.
  4. Secure your devices by adding passcodes and always locking them when not in use. If possible, have them auto-lock (i.e. set your iPhone to auto-lock after 10 seconds of inactivity).
  5. If conducting sensitive activities try to limit your use of public WiFi as these networks are rarely secure.
  6. Be vigilant of what your organisation shares on social media. For example, don’t reveal that your office will be empty during a staff event.
  7. Own your social media presence. This means register accounts for all the popular networks, even if you don’t use them, to mitigate against criminals using your organisation’s name to commit fraud.
  8. Add an extra layer of security to your website’s admin system. Your web team will be able to add a two-step process to logging in to your website’s admin screen, providing an additional security layer.
  9. Be wary of emails with attachments or links to financial institutions. Good antivirus software should spot fraudulent content but it’s good practice to be skeptical when receiving unsolicited attachments.
  10. Ensure your website hosting is secure. Using SSL is quickly becoming standard, and modern web browsers flag up websites that are not secure. Your web team should be able to assist with this if you’re unsure, but to test if your website is secure it should be accessible when you put https:// (note the “s” at the end) in front of the domain name.
  11. Use secure, cloud-hosted software. Use a free system like Google Drive to store your documents. There is likely a greater chance of your computer being compromised than a cloud service, so store your documents here. This also ensures you have backups should anything go wrong with your computer.