Fraudsters using coronavirus to attack voluntary groups
A third of charities have suffered a cyber-attack during the coronavirus pandemic.
Phishing attacks, where attackers attempt to obtain sensitive data by pretending to be a trustworthy source, have been the most common threat, affecting one in seven (15%) voluntary groups, followed by spear phishing (7%), malware (5%) and ransomware (3%).
One in 20 charities (5%) said they had suffered an accidental data breach during the pandemic.
The findings, from Ecclesiastical Insurance, come after the Charity Commission revealed that fraudsters have stolen over £3.5 million from charities during the pandemic. The English and Welsh regulator says it received 645 reports of fraud and cybercrime between March and September.
A survey of 250 charities carried out by YouGov and released to coincide with Charity Fraud Awareness Week, which ends on Friday (October 23), found that the vast majority (95%) of charities are now working remotely. While 29% were already embracing remote working before the pandemic, two-thirds moved to remote working during the pandemic.
The transition to remote working has not been without its challenges though, with half of charities admitting to technological challenges while adapting to new ways of working. A third have been hampered by the lack of staff and volunteer skills, and a third have struggled to adapt in line with their culture.
Many charities have beefed up their cyber-security as a result of the shift to remote working caused by the pandemic, the specialist insurer found.
One in four (23%) said they had increased investment in security software, while 21% have provided additional advice or training for staff on how to stay safe working from home. Almost one in five (18%) have brought in external support to help improve cyber security for remote workers.
However almost half (45%) have not taken any steps at all to increase protection for staff working from home, prompting concerns that charities are not taking the threat of cyber fraud seriously.
Research carried out by Ecclesiastical earlier this year found that many charities were complacent about the risk of cyber-crime. While the majority of charities (81%) said they were ‘fully prepared’ to deal with a cyber-attack, the research found just half (52%) had a cyber security plan in place, while fewer had a specific cyber risk management plan (42%) or cyber insurance cover (42%).
Angus Roy, charity director at Ecclesiastical Insurance, said: “The move to remote working has presented technological challenges for all organisations, and this has created opportunities for cyber-criminals. Like everyone else, charities can be susceptible to fraud and cyber-crime.
“Our research has found that while some charities have taken steps to protect staff working from home, many are still not taking the threat of cyber fraud seriously. All charities, even those with relatively small reserves to call upon, can take simple steps to boost resilience to fraud and cybercrime.”