Safe and Secure: Protecting Charity Websites from Cyber Threats

In today's digital-driven world, websites play a crucial role for charities as they serve as a platform for communication and dissemination of information to supporters, enabling them to stay informed, make donations, and connect with those in need. However, websites also generate vast amounts of data that are highly sought after by cyber criminals, making them an attractive target.

Cyber-attacks on charity websites can have serious consequences, including theft of sensitive user information, such as login details, enquiry form data, and payment information. Hackers may also alter website content, redirecting legitimate donors to incorrect telephone numbers or posting inappropriate material that can cause harm and distress.

Statistics reveal a concerning reality for charities, as nearly half of all organizations have limited or no cyber security protocols in place. This lack of security measures makes charities vulnerable to cyber criminals, with over a third of charities in our region falling victim to a cyber-attack during the pandemic.

The protection of sensitive information and data is of utmost importance for charities. As cyber-attacks become increasingly common, it is vital that organizations have the necessary measures in place to safeguard their clients, donors, and reputation. By doing so, they can continue to operate with the trust and support of their donors and fulfil their mission.

What is an FSWA and how can it help your business?

The First Step Web Assessment (FSWA) is a service that conducts a light touch assessment of your website’s security setup.

The FSWA service is currently available to our core members at a reduced rate of £100 - a saving of £150 from the standard fee of £250. This limited-time offer will be in effect until March 31st, 2023.

We will usually look to turn this service round in a few weeks and all we need is your website address (URL) to get going.

Our team use both passive and active reconnaissance techniques to assess your website, looking at how a cybercriminal would identify a vulnerable site. Passive reconnaissance seeks to gain information about your site without actively engaging with it, identifying outdated components and software that has been used to build it. The service then undertakes active reconnaissance through the use of automated scans to identify vulnerabilities not found through the initial tests.

You will then receive a short non-technical report (2-3 pages) to show any risks found on the site.

The report will allow you to consider the risk and encourage further discussion with the site's developer/IT/host provider to help bolster your security further.

If you would like to know more, why not book a chat with us today?

Cyber Essentials

Cyber Essentials is a simple and effective Government-backed scheme, supported by industry experts and the Cyber Resilience Centre Network, which will help you put measures in place to protect your organisation against a range of the most common cyber-attacks. This includes protecting against threats such as malware, ransomware and phishing. Read more here: Cyber Essentials & Plus Training & Certification | ECRC

Charities hold a significant amount of sensitive information, including personal records, which if compromised, could potentially harm their reputation and ability to raise funds for their good causes.

Alarming statistics reveal that nearly half of charities have very basic or non-existent cyber security protocols in place, making them an effortless target for cyber criminals. This explains why over a third of our region's charities have fallen victim to a cyber-attack during the pandemic.

Cyber Essentials can fully or partially mitigate up to 99% of common cyber-attacks. This means that if you meet the Cyber Essentials standard, you are less likely to fall victim to a cyber-attack yourself, and you will be able to reassure your customers and trustees that you have recognised the threats and risks and have taken proactive steps to minimise the impact.

Funded Cyber Essentials Programme

All modern businesses are susceptible to cyber-attacks; however, certain organizations face a heightened risk, whether due to the possession of sensitive information or being perceived as an effortless target by cybercriminals.

To address this issue, the National Cyber Security Centre has established the Funded Cyber Essentials Programme, specifically targeting the most vulnerable sectors. This initiative aims to help vulnerable organisations implement baseline security controls to prevent the most common types of cyber-attack.

The scheme is designed to lead an organisation through the technical controls required to achieve Cyber Essentials certification, followed by the audit for Cyber Essentials Plus. No previous cyber security certification or experience is necessary.

To be eligible, you must:

  • Be a micro or small charity (1 to 49 employees)

  • Process personal data as defined under GDPR.

Unfortunately, funding for the current financial year has ceased.

However, IASME are encouraging eligible charities to express their interest in obtaining funding for the Funded Cyber Essentials Programme by submitting their contact details on the IASME website here - Funded Programme - Iasme

More details on the Funded Cyber Essentials Programme for next financial year will be released shortly.

What next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation and customers. But all is not lost.

Here at the centre, we would recommend that you:

  1. Join our community today as one of our growing number of free core members. You will be supported through implementing the changes you need to make to protect your organisation.

  2. Take a look at the First Step Web Assessment service and find out what you need to do next to make your business a no-go zone for cyber criminals.

  3. Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses different parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime.

You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.
