Charity Commission Warns about Cyber Security and insider fraud
A recent alert from the Charity Commission has warned that charities are putting themselves at higher levels of risk of cyber crime, and identified three factors driving insider fraud in the sector.
The regulator said its research had identified three factors behind insider fraud: ‘poor challenge and oversight, weak or badly applied internal controls and putting too much trust and responsibility in one person’.
“Charities are as vulnerable to insider threats as the private or public sector,” the commission said in a statement.
Recently, we’ve been focusing internally on cyber security. Zoe Lynds, our Operations Manager, shares her top 5 tips to protect your organisation:
- Ensure you have a clear process for recruiting staff, volunteers and suppliers which includes rigorous GDPR and cyber security processes, training and onboarding. Similarly, make sure your process for leavers ensures access is revoked.
- Use your CRM to restrict access to sensitive data, using security features such as profiles, roles, sharing settings and permission sets, alongside verification and access permissions.
- Have a clear policy that is known and practised internally every day, and carry out monthly audit checks so your entire organisation, from board to front line, is kept engaged.
- Apply best practice principles and get some external verification by applying for your Cyber Essentials Certification.
- Be mindful of the context in which your team operates and how and when they access data. Create different policies and training for staff, contractors, volunteers, trainees etc., and consider whether they work remotely or in the office, or use their own or work equipment.
The commission urged charities to read its guidance, ‘Protect your charity from fraud’, which it published two years ago and updated in March this year.
You can also read the guidance from Cyber Essentials.