Cyber security: how to keep your charity safe

Author's position
RVA Advice Service Manager
Article date
5 May 2021
Primary interest
Voluntary sector
Why should we be thinking about cyber security?

Charities of all sizes are increasingly more reliant on IT and this has increased further during the pandemic. Email, websites, video conferencing and social media all have a valuable place in our charities but without proper security measures they can also leave charities vulnerable to cyber attacks. Cyber attacks can affect an organisation of any size, including smaller charities.

Surely cyber attacks are not that common in charities?

False, they occur more frequently than you would think! The Cyber Security Breaches Survey 2021, published by the Department for Digital, Culture, Media and Sport (DCMS), surveyed almost 500 voluntary sector organisations and found:

  • 26%  reported cyber breaches over the previous year
  • for charities with an annual income of £500,000 or more this rose to 51%
  • 25% of those who had suffered attacks said that they had to deal with them on a weekly basis
What are the risks to our charity if we suffer a cyber attack?
  • Financial loss due to a phishing attack: where scammers send fake emails asking for sensitive information (such as bank details), or containing links to bad websites.
  • Losing your charity’s critical data about supporters, beneficiaries, volunteers, key documents, invoices and payments.
  • Reputational damage if data is lost or corrupted
  • Not being able to access your systems and therefore unable to deliver your services
We are only a small charity – what are some easy ways to become cyber secure?

The National Cyber Security Centre (NCSC) and the Charity Commission have produced this short, helpful guide specifically for small charities. There are five easy things your charity can do straight away:

  1. Back up your data
  2. Install anti-virus to devices to protect against malware
  3. Use passwords
  4. Keep smartphones and tablets safe
  5. Learn about common signs of a phishing email and share this with your team
What training and resources are available?
Further support:
If you would like to discuss the above or need more advice, contact Herjeet at