Years ago, we used to be focussed on internal fraud: making sure that cheques hadn’t been pre-signed by the Treasurer and that the cheque book was kept somewhere safe, like being locked in the safe.
However, more and more it isn’t necessarily internal fraud that is the threat as the majority of charities are savvy, having key controls and processes in place to protect not just them, but their employees. The key threat now is from external fraud such as ransomware attacks, hacking and phishing scams.
According to the Cyber Security Breaches Survey 2022, 39% of all UK businesses reported a cyber attack in the past 12 months. On top of that, charities are reportedly 5 times more likely to suffer a cyber-attack. Certainly, as an auditor, I can see in my own clients that the number of cases has increased in recent years.
The majority of charities registered in the UK are small and most are unlikely to have a dedicated IT specialist in-house to keep on top of this threat. Charities are also more likely to hold a significant amount of personal data than most, as not only do they have employees personal data but also data from donors and also data about their beneficiaries.
The National Cyber Security Centre has launched a free online tool for UK for UK organisations to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.
I would encourage all charities to take advantage of this free resource to help safeguard themselves.
The next step
If you have any questions regarding this insight, please contact Tracey Moore.