As cyber attacks become more sophisticated and frequent, it’s important for organisations to have the systems in place to come out the other side in one piece. Charities are not immune to these attacks, and if anything, may be in a more vulnerable position than corporate organisations which have more budget and resources to nip the attack in the bud.
Last month, Anglicare Sydney was held to ransom over a large amount of potentially sensitive information, as part of what the organisation said was illegal activity targeting the Australian health and aged care sectors. The charity, which holds records on adoption and foster care as well as counselling and mental health services, came away relatively unscathed from the attack. While the organisation confirmed 17 gigabytes of data was transferred to a remote location, there was no evidence that data had been stolen, and the main system relating to its Out of Home Care program, which includes the foster care program, was not impacted. As one of the larger and better-known Australian charities, Anglicare Sydney was actually in a pretty good position to deal with such an attack. But that’s not the case for all organisations.
Some steps to take:
- Multi-factor authentication – not just for accounting software, but for email and other software.
- Communication – regularly communicating with staff and volunteers about security-related threats is a really effective way to stop cyber attacks before they happen. With many organisations working from home, it can be harder to cross-check suspicious emails and messages.
- Plan for when, not if – the plan should cover how clients and stakeholders would be contacted, how to communicate to them how and what data had been breached, and who takes responsibility for the breach.
Further resources:
- ACNC Cybersecurity toolkit
- Australian Cyber Security Centre Small business cyber security guide