Employees should avoid taking work devices and sensitive work information home with them and all charities are at risk of cyber attacks regardless of their size or prominence, fundraisers have been warned.
Speaking at the Institute of Fundraising’s fundraising compliance conference this week, the cyber crime expert Neil Sinclair, chief operating officer at London Digital Security Centre and formerly of GCHQ, said that there were 85 million attempts to hack computers in the UK every year and charities were potential targets.
He said many people thought that criminals would target relatively well-defended large companies or charities, whereas in reality they often focused on vulnerable smaller organisations, including many charities.
"If there is anyone at a charity who says their charity is too small or too isolated or too original to be a victim of a cyber attack, they are lying to you," he said.
Sinclair also outlined some of the specific threats to charities and said people working from home or while commuting could be significant threat to a charity’s cyber security.
"Do you use the same devices at home as you use at work?" he asked. "Do you strictly keep those devices you use at work off your home network?
"You should use devices for work only in the workplace, on 4G or on a specific WiFi network."
For example, GCHQ did not allow personal devices to enter the workplace, Sinclair said, because they were more at risk of being hacked, and therefore could be used to record without people knowing, for example.
He also warned of using WiFi in locations such as pubs or coffee shops and said that staff should ensure they did not use sensitive company information while on digital devices connected to unsecured WiFi.
This is because it was relatively easy for criminals to replicate unsecured WiFi networks, Sinclair said, and it was therefore important to ensure the device used "forgets" the WiFi network once workers left the venue.
The trend for employees to send information to their personal devices to work on while commuting or at home also undermined cyber defences, Sinclair said, because sensitive information for the charity was being used in an environment that was outside the cyber defences the charity had in place.
He said that most cyber attacks "are not targeted, they are random – they are fun, some of them", and people should be aware that if they use electronic devices connected to WiFi in public places they are vulnerable and "can be a victim just because you are there".
Sinclair said: "Should I really be taking my work stuff home on my own device? You shouldn’t – that’s the simple answer."
He added that many organisations were not actually carrying out their cyber strategies, with fewer than one in 100 actually having a plan that was enforced across the company.