Charities need to focus on practical and proportionate prevention, with strong detection and response measures in place and good governance and oversight of how risks are managed, Sayer Vincent urges. “Charities need to ensure sufficient resource is made available. There also needs to be more awareness-raising within organisations to counter the people risk factors and clear accountability to ensure continuous improvement.”
In July, the Charity Commission confirmed that it had received 33 serious incident reports from UK charities, including Crisis and mental health charity YoungMinds, informing the regulator that they had been affected by a ransomware attack on Blackbaud, one of the largest providers of fundraising, financial management and supporter management software to the UK charity sector.
Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, told ICAEW Insights: “With security protections in place. By familiarising themselves with our guidance and following the practical steps, charities of all sizes can significantly reduce their chances of falling victim to cybercriminals.”
Kristina Kopic, ICAEW Head of Charities, said engendering the right culture was critical to preventing cybercrime or dealing with it effectively. “Support your staff, raise awareness of the risks and have a culture where people feel free to ask questions and report.”
Kopic warned that unless charities tackled cybercrime head-on, they were exposing themselves to both financial and reputational risks, which could have an impact on future donations. “Make the trustee board aware of the internal controls in place, including how often you back up, how often you install updates and what your plan is. Understand what systems are being used for home working and who’s responsible for them.”
Further resources:
- A range of resources from the Charity Commission on how to spot fraud and cybercrime and what you can do to protect against it
- NCSC guidance for small charities offers five steps to significantly increase charities’ protection from the most common types of cybercrime. The Board Toolkit encourages essential discussions about cybersecurity to take place between the Board and their technical experts.
- The Fraud Advisory Panel highlights best practice in fraud prevention, detection, investigation and prosecution plus information about the Fraud Advisory Panel’s Charity Fraud Awareness Week
- If you are a finance professional with involvement in the charity and voluntary sector, why not join ICAEW's Charity Community (https://www.icaew.com/groups-and-networks/communities/charity-finance-professionals) to stay up to date with the latest developments in charity finance, taxation and governance.