Free tools to help charities get cyber resilient

With 44% of charities allowing people to donate online and 42% having services beneficiaries can access online charities need now more than ever to protect the information they hold, as well as the money entrusted to them.

Image showing someone putting change in ajar held by another
Helping hand icon

Charities are one of the most attacked sectors for cybercrime and unfortunately, they are also one of the sectors least prepared to defend themselves, through lack of funds and expertise.


But help is at hand with numerous free tools, both technical and non-technical, to help charities build their resilience.


Non-technical

Membership with the Eastern Cyber Resilience Centre – sign up for our free membership and receive a monthly newsletter as well as our “Little Steps” emails giving easy to understand guidance about steps you need to implement to achieve Cyber Essentials. You can also access our affordable student services and our Forum where you can meet other charity professionals with the same questions as yourself.


Small Charity Guide - Guidance detailing five topics to increase protection from the most common types of cybercrime.

Board toolkit logo

NCSC Board Toolkit – Boards and Trustees are pivotal in improving the cyber security of the charities they are responsible for. The Board Toolkit has been designed to help members get to grips with cyber security and know what questions they should be asking their technical experts.



Exercise in a box logo

Exercise in a Box – online tools which helps organisations test and practice their response to a cyber-attack. There are a range of scenarios to encourage discussion about how your company would react, to allow you to understand if the right policies and procedures are in place. If you are not comfortable with running this exercise yourself, your local police protect officer can guide you through this for free and our affordable student service can conduct a policy review beforehand to ensure you are in the best place


Technical

Police CyberAlarm logo

Police CyberAlarm - help your business understand and monitor malicious cyber activity. Police CyberAlarm acts like a "CCTV camera" monitoring the traffic seen by a member's connection to the internet. It detects and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities. Vulnerability Scanning can be added and used to scan an organisations website and external IP addresses.

Early warning logo

Early Warning – receive high level alerts, in daily and weekly summaries, based on your IP and domain names, containing:

  • Incident notifications suggesting an active compromise of your system. This might be a host on your network being infected with malware.

  • Network Abuse Events suggesting your assets have been associated with malicious or undesirable activity. This might be a client on your network found scanning the internet.

  • Vulnerability and Open Port Alerts suggesting vulnerable services running on your network, or undesired applications are exposed to the internet. This might be an exposed Elasticsearch service.

Mail Check – assesses email security compliance, helping implement anti-spoofing controls (SPF, DKIM and DMARC) and email confidentiality (TLS). Charities can apply to be part of this pilot project.

Image of interface for web check

Web Check – provides regular automatic scan of your website and alerts you to common website security issues and advises on how to fix them. This can be used in conjunction with vulnerability testing by our affordable student services. You might ask what the difference between Web Check and a vulnerability test is. Our vulnerability assessment uses the OWASP methodology which is regularly reviewed for the top ten most common threats to web applications. Students use automated as well as manual tests to investigate the different processes such as looking at what file uploads were permitted.


Logging Made Easy - helps organisations to install a basic logging capability on their IT estate enabling routine end-to-end monitoring of Windows systems and can:

  • Tell you about software patch levels on enrolled devices

  • Show where administrative commands are being run on enrolled devices

  • See who is using which machine

  • In conjunction with threat reports, it is possible to query for the presence of an attacker in the form of Tools, Techniques and Procedures (TTPs)

Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the aim of increasing cyber resilience of SMEs within the East of England.


You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.


We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.

Policing led - business focussed


ECRC logo


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.