top of page

“Is there something wrong with your website? I can’t get the donation information”

Now that’s not a phrase that anyone would want to hear but it could be one that a charity experiences if they become a victim of a DDoS (Distributed Denial of Service) attack.

DDoS attacks are on the increase and although a charity might not seem to be the first choice for a cybercriminal, they might get caught in the crosshairs for a number of reasons such as disagreeing with policies/tactics, a personal grudge against a member of staff or for purely monetary purposes.

Photo of person holding red box with the words "Act Now" on a sticky notes.

What is a DDoS attack?

This is where so much traffic gets directed to your website that your site becomes overwhelmed and legitimate users can’t access the site’s resources, effectively stopping your website from working.

Think of it like a traffic jam. If everyone you know tried to get to your house at the same time only the first few cars are likely to be able to make it. The ones at the back who left 5 minutes later have no chance in reaching your front door and speaking to you.

DDoS attacks usually present themselves as a slowing or crashing of your network or website, which costs time, money and reputation.

Can you protect yourself from these attacks?

DDoS attacks are notoriously difficult to prevent as the attackers don’t need internal access to the network and the attack is from the outside focused inward. But the key points for protection to remember are:

  1. Know your network's traffic. A free tool that we can recommend here is Police CyberAlarm | The Eastern Cyber Resilience Centre (

  2. Create a Denial-of-Service Response Plan within your incident response plan Tools | Eastern CRC ( – one of the areas covered within the Cyber Essential (CE) Program

  3. Make your network resilient and practice good cyber hygiene – using CE principles

  4. Scale up your bandwidth. The greater the bandwidth the more effort a DDoS attacker will have to make to crash your site. Moving your operation to the cloud may help.

  5. Take advantage of anti-DDoS hardware and software. Speak to your Managed Service Provider (MSP) if you have one.

  6. Make sure all staff know the symptoms of an attack and respond quickly to it using your plan.

Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.

You can contact the Cyber Resilience Centre for guidance and support through our e-mail or use our online booking system to make an appointment with one of our team.

We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page