Cyber Impact

Charities and NGOs need cyber security

Published on 18 November 2022

Cyber security is an issue for everyone, even the non-profit and humanitarian sector. Non-governmental organisations (NGOs) and charities can be targeted by financially or politically motivated cybercriminals or experience security breaches. These organisations urgently need to implement cyber security strategies – even if this may be low on their list of priorities and objectives.

NGOs and charities: a prime target for cybercriminals

Operating and financing with IT tools

As soon as an organisation becomes “connected”, it can fall victim to cyber attacks. That’s why the security of IT systems concerns everyone.

Like any organisation, charities and NGOs use connected digital tools every day to host their websites, exchange emails, and raise funds (through crowdfunding campaigns, online pledges, or fundraising appeals on a website, etc.).

All these points of access are potential attack vectors for cybercriminals, whether to embezzle money, compromise their work, or gain access to sensitive data.

Processing personal data

Protecting and managing personal data is paramount for charities, especially as this data can concern employees, volunteers and donors.

The most obvious example is fundraising: on online fundraising campaigns, donors have to provide bank details, physical addresses, etc. This information can be stolen, sold on the dark web, or even used for identity theft. It should therefore be protected at all costs, not only to ensure the safety of donors but also to preserve the reputation of the organisation.

NGOs and data protection

70% of non-profit organisations don’t control their data (survey conducted as part of the Cyber For Good program, 2022).

The nature of tasks and sensitive data

Charities and NGOs process a lot of personal or sensitive data within the framework of their work. This information can be of great value to an attacker with political or terrorist motives, for example, as it sometimes contains “thematic” information.

Some NGOs may have access to highly sensitive data on extremely vulnerable populations. These can include lists of physical addresses of political refugees in a host country or lists of victims of racially motivated violence.

This sensitive information can also be exploited for geopolitical ends, as it could be considered strategic for an authoritarian regime or a terrorist group.

The need for cyber security awareness

All organisations must be aware of cyber risks and trained to prevent attacks and comply with regulations – NGOs and charities are no exception.

Compliance with the General Data Protection Regulation is a requirement for any organisation that processes data in the EU. Non-profit organisations do honourable work, but this doesn’t exempt them from complying with the current law.

Protecting charities’ IT systems is also fundamental to keeping them in business, protecting their various stakeholders, and preventing breaches caused by human error.

90%

Nearly 90% of NGOs in France consider themselves ‘not at all’ or ‘partially’ ready to respond to these challenges (Le Monde, 2022).

Charities and NGOs taking on the cyber threat

The Cyber For Good program

Cyber For Good is modelled on Tech For Good, a cultural integration and support program for organisations working in the public interest, facilitated by the Advens for People and Planet endowment fund.

A trial run of the Cyber For Good program was launched in September 2022 by Advens and its partners Latitudes and Share It. These organisations are themselves spin-offs of Tech For Good. The program has already enlisted around thirty cyber experts and around one hundred representatives.

Cyber For Good connects digital service companies specialised in IT with NGOs and socially conscious companies. Advens’ role is to support these structures with cyber security. In 2023, the objective is to extend this program to the entire cyber community in France. That way, more experts will be available, and the whole Social and Solidarity Economy (SSE) ecosystem will be able to support as many SSE structures as possible (before going international!).

Advens’ commitment in 3 steps

Advens’ commitment is centred on three main stages of support for charities, NGOs and start-ups.

Step 1: Raising awareness

This initial phase involves three webinars designed to promote awareness of the importance of protecting data and familiarise the non-profit sector with good cyber security practices.

Step 2: Coaching

Advens offers – through its employees’ voluntary participation – one hour of free coaching to clarify the specific cybersecurity issues that organisations raise following the webinars.

Advens allocates “solidarity and commitment” time to allow employees to get involved in impact projects, amounting to 2 days per year per employee.

Step 3: Long-term support

The last stage is a call for proposals to support three structures on in-depth cyber issues via skills sponsorship. This provides all the savoir-faire of experts to charities and NGOs that need it.

Some good cyber practices to protect your organisation

Data sharing: restrict access to files destined for people outside the organisation (administrative rights and timeframe). Disable the accounts of volunteers who are no longer part of the organisation.

  1. Personal database: make sure you are compliant with the GDPR.
  2. Facebook & social media: remember to enable two-factor authentication for fundraising campaigns.
  3. Website: be careful when choosing hosting, design, and support providers. Update operating systems, software, and applications to avoid security breaches.

The non-profit and humanitarian sector must become more familiar with the challenges of cyber security. It’s crucial to do so to protect against attacks from assailants without morals.

Why should you protect your computer system? Is it expensive? How can it be done? None of these questions need to be an obstacle: we can make cyber security accessible to everyone.

Advens is committed to a fairer world. To this end, we support non-profit organisations in protecting themselves by providing practical, fast and easy-to-implement solutions with our Cyber For Good program.