top of page

Charities – use strong passwords to protect your organisation from cyber criminals

As Christmas approaches, it is seen by many as a wonderful time to give money to charities. Whether through charity linked Christmas cards and gifts or offering donations to charities as presents for loved ones, many charities will hope to benefit from the season of goodwill this year.

But this increased financial activity is certain to attract the attention of cyber criminals looking to benefit themselves from people's generosity. And nothing is worse than the thought of money donated by caring members of society being stolen by greedy hackers for their own nefarious ends.

According to the government’s own Cyber Security Breaches Survey 2021 just over a quarter of the regions charities faced a cyber security breach in the past 12 months. And the average monetary loss to businesses losing money was about £8000.00. That is hard-earned money donated by members of the public and destined for charitable causes.

The survey goes on to say that charities performed significantly worse than other businesses in almost all areas of cyber security, and that was particularly true around password security, with only about half of all charities having a password policy requiring strong passwords.

Does your charity have a network administration password of admin or similar?

If so, you are putting yourself at huge risk of being hacked and becoming another organisation that loses money and reputation – which are core to any successful charity.

So, what is our response to the threat?

If you are a regional charity worker or CEO, if you remember nothing else from this blog remember this:

  • Use Strong Passwords with Multi Factor Authentication

  • Use unique passwords for each account, and

  • Use Strong Passwords with Multi Factor Authentication

To help charities get to grips with this we have created a set of 5 top tips which are free or extremely low cost. Some of the tips are bespoke to the device. If you are struggling to get through this either look through some of the guidance documentation on our website or the links below to YouTube videos.

And before you start why don’t you do our quick quiz to see what you know about passwords - Cyber Resilience Quizzes - Passwords | Eastern CRC (

Top tips for charities

1 - Make sure you switch on password protection on all your devices. This will protect you if a phone, tablet, or computer is either lost or stolen.

2 - Use two factor authentication for 'important' accounts – check out the video What is two-factor authentication? - YouTube

3 - Use strong passwords - view What makes a strong password? - YouTube

4 - Use a password manager to manage all of your passwords in one easy location. Check out our 90 second video to learn more Password managers - what are they and why would I need one? - YouTube

5 - Change all default passwords – many devices use default passwords when you start using them. Check to make sure you are not still using theirs. Watch our video What are default passwords and why they matter - YouTube

Remember - it is not too late to make the changes required – join the Eastern Cyber Resilience Centre for free core membership. We will take you through all the basic cyber resilience steps that you need to follow to make it more difficult for hackers to steal your money; and make sure that donated cash ends up in the right hands.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page