Charities are being increasingly targeted by cyber criminals because they often hold a large amount data about stakeholders, an information security expert has warned.
James Mulhern, chief information security officer at Eduserv - a charity which provides technology services, was speaking at the Charity Finance Group’s IT conference last week, when he warned delegates that the threats from cybercrime were increasing.
He said while “digital is essential” the world had reached “tipping point” and there was a risk of the internet going from “being a net force for good to being a net force for bad”.
“Charities are a big target for cyber criminals,” he said, because “you have valuable data”.
He also explained that it is not just credit card information that hackers are looking for.
“In the dark web a full record of information is worth US$28, health record $2.5 and credit card 25 cents,” he said.
Skills, awareness and culture
Mulhern told the audience that last year half of the Charity Commission’s alerts related to cyber threats but that charities still lacked skills and awareness.
“It’s not just about you it’s about the people that you serve - donors, supporters, VIPs, fundraisers, volunteers,” he said and warned that the there were “long lasting consequences” to a cyber attack.
He also said it was important to have a plan about how to respond to an attack and said charities needed to think about how much they invest in security.
“If you spend more money on a chief executive than on security somebody going to be able to make a bad headline out of that,” he said.
He also stressed that cyber security was the responsibility of everyone in the organisation and advised that not to “just tell users show them” the consequences of an attack by rehearsing for it.