Charity websites more secure than average

Finance | Gareth Jones | 1 May 2007

Charities and not-for-profit organisations are more secure than the average organisation against potential website attacks, according to a new report. NTA Monitor's 2007 annual web application security report 2007 analysed data gathered from web application security tests undertaken on behalf of a variety of organisations, including financial institutions, legal practices, universities and local government bodies, during 2006.

Charities performed better than average in tests, with only nine risks found per test compared with the average of 14. No critical vulnerabilities (those that are widely known and actively exploited by hackers and allow unauthorised external users to gain network access) were found in charities, and a below average number of vulnerabilities were found that could enable external users to gain unauthorised system access or disrupt service availability. However, an average number of informational issues were found, indicating that these organisations could improve security housekeeping and knowledge of technical mechanisms. The most frequently occurring vulnerabilities related to web servers supporting weak encryption, which could allow attackers to gain access to donor account details.

Roy Hills, technical director at NTA Monitor, said: 'While charitable institutions seem to be ahead of most in securing their websites, our findings indicate that they still need to tighten their policy on IT security housekeeping and its implementation. With an ever increasing number of people using the internet to make charitable donations, organisations should take every precaution towards protecting these revenue generating and efficiency enabling systems.'

Directory: NTA Monitor Ltd

Comments

[Cancel] | Reply to:

Name *

Email *

Organisation

Job Title

Comments *

Verification *

* Please read our Community Standards

Close »

Community Standards

The civilsociety.co.uk community and comments board is intended as a platform for informed and civilised debate.

We hope to encourage a broad range of views, however, there are standards that we expect commentators to uphold. We reserve the right to delete or amend any comments that do not adhere to these standards.

We welcome:

Robust but respectful debate
Strongly held opinions
Intelligent relevant discussion
The sharing of relevant experiences
New participants

We will not publish:

Rude, threatening, offensive, obscene or abusive language, or links to such material
Links to commercial organisations or spam postings. The comments board is not an advertising platform
The posting of contact details for yourself or others
Comments intended for malicious purpose or mindless abuse
Comments purporting to be from another person or organisation under false pretences
Gratuitous criticism, commentary or self-promotion
Any material which breaches copyright or privacy laws, or could be considered libellous
The use of the comments board for the pursuit or extension of personal disputes

Be aware:

Views expressed on the comments board are left at users’ discretion and are in no way views held or supported by Civil Society Media
Comments left by others may not be accurate, do not rely on them as fact
You may be misunderstood - sarcasm and humour can easily be taken out of context, try to be clear

Please:

Enjoy the opportunity to express your opinion and respect the right of others to express theirs
Confine your remarks to issues rather than personalities

Together we can keep our community a polite, respectful and intelligent platform for discussion.