Cyber security for charities 8: Checklist and further information

Here's what you should do and who you should contact, writes Martyn Croft

  • Find out who’s taking the lead on information security

  • Make information security part or all of someone’s job

  • Assess and value the information assets you hold

  • Check for online donations and phishing emails in the name of your charity

  • Ensure applications are written with demonstrable security

  • Patch and update all software as part of business as usual

  • Protect your public website against hacks and patch vulnerabilities

  • Check backups as a last line of defence against malware

  • Regularly audit user accounts

  • Minimise user and admin account privileges

  • Ensure strong passwords are enforced for all users

  • Use two-factor authentication for remote access

  • Provide IT and information security education

  • Write and review straightforward policies

  • Keep personal devices away from corporate data

  • Ensure data in the cloud is secure and recoverable

  • Make sure that cyber security is on your risk agenda

Further information

Charity Commission

Get Safe Online

National Cyber Security Centre

NCSC Cyber Essentials

NCSC Cyber Essentials Requirements


Charities Against Fraud

IT Induction and Information Security Awareness

Open Web Application Security Project

Information Commissioner’s Office

Information Commissioner’s Office GDPR

The IASME Consortium

Charities Security Forum

SC Media
