Charities are more likely to have poor website security than other organisations, according to the results of an annual survey published this week.
The Web Application Annual Security Report 2009, produced by security-testing company NTA Monitor, found the average charity and not-for-profit website contained 15 'security vulnerabilities', compared with five the previous year.
This was the highest number of breaches found among organisations from eight sectors, including finance, government and manufacturing.
The most common charity flaws included not having account lockout mechanisms in place, which stop hackers with valid usernames from repeatedly guessing passwords.
Charities were also guilty of allowing users to choose insecure passwords, which increases the chances of unauthorised access to accounts.
A spokeswoman for NTA said one of the main reasons charity websites fared badly was that they were configured weakly during the set-up stages and then not kept up to date with the latest security threats.
"Those organisations that have the least resource or expertise are least likely to be able to keep on top of this aspect, although in reality some small organisations are very secure and some large organisations are very insecure," she said.
NTA was unable to provide details of the number of organisations it tested for the survey.