What to do in the case of a breach: cyber fraud #2

Third Sector Promotion Markel

In the second part of our series, we look at how to respond to a breach.

You are probably all too aware that your organisation may well experience a cyber security breach at some point. But what types of threats should you look out for? And how can your organisation best respond to an incident?

Phishing trip

Fraudsters often use phishing emails to trick recipients into clicking malicious links or disclosing personal and sensitive information. According to the Charities Aid Foundation, these messages can look as though they have been sent from a legitimate organisation or address. While most phishing attempts are untargeted in their approach, some contain personal information about the recipient or claim to be sent from a trusted source or position of authority. 

However sophisticated they may appear, phishing emails are identifiable. The sender's email address might not match the domain name of the organisation the message claims to come from.

Grammatical errors and misspellings can litter phishing emails. The emails also often include a request to complete a task, such as clicking on a suspicious link or attachment, within an urgent timeframe. Educating staff and stakeholders about these common traits can help them spot the majority of cyber scams before they cause damage.
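As an added illustration, not part of the original article, the traits above can be turned into a simple mail triage check. The organisation name, domains, urgency wording and sample messages are constructed assumptions, and spelling or grammar checks are left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: organisations your staff hear from, and their real mail domains.
KNOWN_SENDERS = {"example bank": "examplebank.example"}
# Assumption: wording that signals an "urgent timeframe"; tune to your own mail.
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|within \d+ (hours?|minutes?))\b", re.I)
LINK_HOST = re.compile(r"https?://([^/\s:<>]+)", re.I)

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_traits(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    text, attachments = msg.get("Subject", ""), []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            text += "\n" + data.decode(part.get_content_charset() or "utf-8", "replace")
    # Domain of the organisation the display name claims to be, if we know it.
    claimed = next((d for name, d in KNOWN_SENDERS.items() if name in display.lower()), None)
    traits = []
    if claimed and not in_domain(sender_host, claimed):
        traits.append("sender-domain-mismatch")
    if URGENCY.search(text):
        traits.append("urgent-timeframe")
    hosts = LINK_HOST.findall(text)
    if attachments or any(not in_domain(h, claimed or sender_host) for h in hosts):
        traits.append("link-or-attachment")
    return traits

# Constructed sample messages, not real mail.
SUSPECT = """From: "Example Bank Security" <alerts@examplebank-verify.example>
Subject: Urgent: confirm your account

Please confirm your details within 24 hours:
http://login.examplebank-verify.example/confirm
"""
BENIGN = """From: "Example Bank" <statements@mail.examplebank.example>
Subject: Your monthly statement

Your statement is ready at https://www.examplebank.example/statements
"""
```

A message that shows several traits at once, like the first sample, is a candidate for quarantine or a second look before anyone clicks.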

But, if phishing attempts succeed, they can allow hackers to gain unauthorised access to computer systems and the attack on your charity may escalate.

Commonly, hackers steal personal data and threaten to release the information or lock your systems until you pay a ransom. 

Data can also go missing through the loss or theft of electronic or physical records, such as a stolen laptop or lost paperwork, or through human error: someone can email, post or fax information to the wrong recipient.

Shield strategy

If you find evidence of unauthorised access, the National Cyber Security Centre (NCSC) recommends first ensuring that your computer systems are up to date. Installing the latest versions of software helps your organisation limit its exposure to bugs and vulnerabilities. 

Your IT team can then take steps to monitor networks for suspicious activity, using anti-malware software to detect and remove malicious code.

Next, the NCSC recommends taking steps to block the avenues through which hackers can access your computer systems. An IT expert will help you close any gaps in your defences by removing unnecessary software and limiting rights to access certain data and applications.

Breach report

How you communicate news of a breach to stakeholders is another crucial consideration. Discussing appropriate responses and lines of responsibility during an incident can help contain a breach and prevent further attacks. And, when you’ve resolved a breach, these discussions provide opportunities to learn how to bolster online security.

Alongside any internal actions, new GDPR rules mean that it is now particularly important for charities to tell the Information Commissioner’s Office about any breaches. You can also report any cyber incidents to Action Fraud and the Charity Commission.

While these steps should help any organisation tackle breaches, your defences will be stronger if you have effective cyber security tools in place before these events occur. 

"Having the right upfront security as well as training staff to spot potential threats such as phishing emails can help prevent a cyber incident," said Liam Greene, professional and management risks manager at Markel UK.

"Also ensuring there is a robust incident response plan in place will mean that if a cyber attack does happen, your organisation can respond as swiftly and efficiently as possible," Greene concluded. 
