Online support that helps charities tackle fraud

Cyber fraud is sadly on the increase, and it’s an issue charitable trustees simply can’t afford to ignore. In fact, the government estimates that 70% of all fraud is now committed online. These scams can be complex and difficult to detect. They normally involve hacking into your system or taking your identity.

Here are 10 steps to protect yourself in cyberspace:

  1. Make sure that your network is protected by a suitable firewall and that malware protection is kept up to date (cyber criminals are constantly attempting to defeat defences)
  2. Apply updates and patches at the earliest opportunity to limit exposure to software vulnerabilities
  3. Make sure that all access to your programs is protected by strong passwords, and that these are known only to essential personnel and are changed frequently
  4. Use a hierarchy of passwords, so – for example – only the financial controller may access the accounts system and bank account
  5. Make sure that all users are trained to accept (and open) emails only from known sources
  6. Remove unnecessary software and default user accounts (these are often supplied with the software, and often no attempt is made to remove them to prevent access)
  7. Restrict access from mobile devices, such as tablets and mobile phones, to critical services such as the accounting system or online bank accounts
  8. Make sure that the network configuration is secure and restricts system functionality to the minimum required for operational needs, and apply this to every device that is used to conduct business
  9. Make sure that staff are trained to prevent and recognise cyber fraud activity
  10. Impose “perimeter defences” to block unnecessary access to insecure websites, or only allow permitted websites to be accessed

The Charity Commission is aware of trustees’ vulnerability, and there is a useful website at https://www.gov.uk/guidance/protect-your-charity-from-fraud to improve the awareness of trustees and trust directors.