The Charity Commission is warning charities against the risk of online fraud, as a new survey found around one in eight charities (12%) had experienced cybercrime in the previous 12 months. This follows earlier findings indicating that the pandemic prompted increasing numbers of charities to move to digital fundraising and operating, exposing them to the risk of cybercrime.
Most concerningly, the survey highlighted a potential lack of awareness of the risks facing charities online, with just over 24% having a formal policy in place to manage the risk. Similarly, only around half (55%) of charities reported that cyber security was a fairly or very high priority in their organisation.
CHARITY REGULATION IS FAILING
The charity sector in the UK has a long history of dubious fundraising campaigns, individual cases of poor accounting, stealing, cash spending without receipts and the hiring of persons based on their relationship with senior trustees, not their financial or charity sector expertise. In addition, the Charity Commission itself admits that it fails to audit the annual accounts of the vast majority of UK charities, relying on complaints to prompt investigations.
The situation in the US is no better: one report in the New York Times noted that 76 fake charities used the same mailing address. Again, weak regulation and a failure to demand that charities meet the same robust levels of accounting that companies are subject to are a big part of the problem.
With that in mind, many insurers should walk away from insuring charities. But the broker community in the UK in particular is always keen to help out. Fact is, many charities are full of good people trying their best and outside of the big name ones, where salaries of over £100,000 are common, many are working for low wages – or no wages.

FRAUD AWARENESS WEEK
The warning on cyber comes ahead of Charity Fraud Awareness Week, which begins on 17th October 2022. The campaign raises awareness of fraud and cybercrime and brings the charity sector together to share knowledge, expertise and good practice. It is run by the Charity Commission and the Fraud Advisory Panel and a partnership of charities, NGOs, regulators, law enforcers, and other not-for-profit stakeholders.
The Charity Commission’s new survey explored charities’ experiences of online cyber-attack. It found that over half of charities (51%) held electronic records on their customers, while 37% enabled people to donate online. A greater digital footprint increases a charity’s vulnerability. The most common types of attacks experienced were phishing and impersonation (where others impersonate the organisation in emails or online). For both attacks, personal data is often at risk.
The survey also confirmed that there is an under-reporting of incidents when they do occur, with only a third (34%) of affected charities reporting breaches. It’s important that charities get in touch with the Commission where there has been a serious incident, even where there may be no regulatory role for the Commission. This helps the regulator to identify trends and patterns and help prevent others from falling victim to fraud.
PREVENTION
There are dozens of specialist cyber insurance brokers, MGAs and of course big brands for the bigger scale charity and campaign groups. Having a partnership with a cyber insurance brand where staff can be trained in spotting potential fraud attempts, rogue emails and unusual patterns of cashflow is essential in the digital age.
One major step forward for all UK charities would be implementing a system of verified ID, which can be used to monitor cashflow within organisations. Setting automated checks on the movement of amounts above certain levels, or on overseas transactions, is another good way to minimise exposure to fraud. Fighting cyber attacks means changing passwords often, using two-step logins and restricting key permissions on websites to a handful of senior staff.
