
How do you build cyber resilience in a charity?

Sometimes time constraints can stop us from acting, so we have come up with some quick tips that those within the charity sector can use to start building their cyber resilience.

Cyber resilience is more than protecting your data. Cyber-attacks do succeed, so at the ECRC we want to build resilience within charities: the ability to detect an attack if it does succeed, and to respond and recover with the minimum amount of time, money and reputation lost.

The charity sector is unfortunately one of the most attacked sectors, with potential reasons being the lack of funding and expertise. With 44% of charities allowing people to donate online and 42% having services beneficiaries can access online, charities need now more than ever to protect the information they hold, as well as the money entrusted to them.

So, if you don’t know where to start, take a look at the tips below.

Top Tips:

  1. Ensure all your staff are using strong passwords. This means that they are unique – not used across multiple platforms – and not easily guessable.

  2. Consider using a password manager for your staff to use.

  3. Enable Two-Factor Authentication (2FA) wherever possible, but specifically on any social media site, emails and anywhere you have payment details. This means that if your staff’s usernames or passwords are released, criminals still won’t be able to access the account. We have some short videos about passwords, password managers and 2FA – why don’t you take a look?

  4. Have offline backups and test the recovery of them. Companies falling victim to ransomware still pay criminals even though they have backups because they have never tested them, and then when they need the data the most, they find that they can’t recover.

  5. Ensure you have anti-malware on all devices, including your phones.

  6. Train your staff to recognise common phishing attacks and how to report them. Phishing attacks are the most common form of cyber-attack, and your staff can be your weakest link or your strongest defence, but only if they know what to look out for and do. Your local police protect officer might be able to deliver an awareness session for free, or if you want a bespoke option, why not take a look at our affordable services? Charities can get a 10% discount on an already very low-cost option.

  7. If you have a website, get a web app vulnerability assessment. This will look at whether your site is secure from the most common cyber-attacks against it. Our services are undertaken by local university students who are trained and mentored by senior ethical hackers. They get great real-world experience; you get a quality product at a very affordable price.

  8. Install updates as soon as possible. Criminals also know about the vulnerabilities that updates fix and will craft attacks specifically for known vulnerabilities.

  9. Have an incident response plan and test that it will help when the worst happens. We have a free template which you can download if you haven’t already got one in place.

  10. Join the Eastern Cyber Resilience Centre. It’s free, and you will be kept up to date with the latest threats you need to be aware of, as well as guidance, support and direction to free tools and services, and access to our affordable student services. Join now.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.
