17 May 2017
Thousands of organisations in numerous countries, including the National Health Service, have been affected by the recent ransomware attack.
The Charity Commission has issued a press release advising charities and trustees to be vigilant about such attacks.
The Charity Commission encourages all charities to follow protection advice recently issued by the National Cyber Security Centre (NCSC) and these notes follow the Charity Commission’s advice.
The key protection messages are:
- install system updates on all devices as soon as they become available
- install anti-virus software on all devices and keep it updated
- create regular backups of your important/business critical files to a device that is not left connected to your network
- do not meet any stated demands and pay a ransom
The National Cyber Security Centre technical guidance includes specific software patches to use that will prevent infected computers on your network from becoming infected with the ‘WannaCry’ Ransomware.
Phishing
Charities are urged to be cautious if they receive any unsolicited communications from the NHS, as fraudsters may exploit this high profile incident and use it as part of a phishing campaign.
Be aware that:
- any email address can be spoofed – do not open attachments or click on links within any unsolicited emails
- the sender’s name and number on a text message can be spoofed – exercise caution if the texts are asking you to click on a link or call a number
The Head of Investigations and Enforcement at the Charity Commission said:
“Charities need to be aware of the imminent danger posed by ransomware threats and take appropriate steps to protect their charity from cyber-attack – a charity’s valuable assets and good reputation can be put at risk.
“I urge all charities, if they suspect they may have fallen victim to cyber fraud, to report it immediately to Action Fraud and to the Commission, under its serious reporting regime.”
You can visit Charities against fraud for advice and top tips on how to protect your charity against cyber-fraud. Trustees are also advised to report suspected or known fraud incidents to the Commission by emailing RSI@charitycommission.gsi.gov.uk.
Serious incident reporting helps the Commission to gauge the volume and impact of incidents within charities and to understand the risks facing the sector as a whole.
I recommend that you remain diligent and if you require any further advice, please contact your usual UHY adviser. Alternatively, to read more about issues facing the charity and not-for-profit sector, click here.
