With 44% of charities allowing people to donate online and 42% having services beneficiaries can access online charities need now more than ever to protect the information they hold, as well as the money entrusted to them.
Charities are one of the most attacked sectors for cybercrime and unfortunately, they are also one of the sectors least prepared to defend themselves, through lack of funds and expertise.
But help is at hand with numerous free tools, both technical and non-technical, to help charities build their resilience.
Non-technical
Membership with the Eastern Cyber Resilience Centre – sign up for our free membership and receive a monthly newsletter as well as our “Little Steps” emails giving easy to understand guidance about steps you need to implement to achieve Cyber Essentials. You can also access our affordable student services and our Forum where you can meet other charity professionals with the same questions as yourself.
Small Charity Guide - Guidance detailing five topics to increase protection from the most common types of cybercrime.
NCSC Board Toolkit – Boards and Trustees are pivotal in improving the cyber security of the charities they are responsible for. The Board Toolkit has been designed to help members get to grips with cyber security and know what questions they should be asking their technical experts.
Exercise in a Box – online tools which helps organisations test and practice their response to a cyber-attack. There are a range of scenarios to encourage discussion about how your company would react, to allow you to understand if the right policies and procedures are in place. If you are not comfortable with running this exercise yourself, your local police protect officer can guide you through this for free and our affordable student service can conduct a policy review beforehand to ensure you are in the best place
Technical
Police CyberAlarm - help your business understand and monitor malicious cyber activity. Police CyberAlarm acts like a "CCTV camera" monitoring the traffic seen by a member's connection to the internet. It detects and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities. Vulnerability Scanning can be added and used to scan an organisations website and external IP addresses.
Early Warning – receive high level alerts, in daily and weekly summaries, based on your IP and domain names, containing:
Incident notifications suggesting an active compromise of your system. This might be a host on your network being infected with malware.
Network Abuse Events suggesting your assets have been associated with malicious or undesirable activity. This might be a client on your network found scanning the internet.
Vulnerability and Open Port Alerts suggesting vulnerable services running on your network, or undesired applications are exposed to the internet. This might be an exposed Elasticsearch service.
Mail Check – assesses email security compliance, helping implement anti-spoofing controls (SPF, DKIM and DMARC) and email confidentiality (TLS). Charities can apply to be part of this pilot project.
Web Check – provides regular automatic scan of your website and alerts you to common website security issues and advises on how to fix them. This can be used in conjunction with vulnerability testing by our affordable student services. You might ask what the difference between Web Check and a vulnerability test is. Our vulnerability assessment uses the OWASP methodology which is regularly reviewed for the top ten most common threats to web applications. Students use automated as well as manual tests to investigate the different processes such as looking at what file uploads were permitted.
Logging Made Easy - helps organisations to install a basic logging capability on their IT estate enabling routine end-to-end monitoring of Windows systems and can:
Tell you about software patch levels on enrolled devices
Show where administrative commands are being run on enrolled devices
See who is using which machine
In conjunction with threat reports, it is possible to query for the presence of an attacker in the form of Tools, Techniques and Procedures (TTPs)
Further guidance & support
The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the aim of increasing cyber resilience of SMEs within the East of England.
You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.
We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
Policing led - business focussed
