Every charity and not-for-profit, no matter how big or small, is susceptible to fraud and cybercrime by criminals exploiting the current global crisis.

For example, a recent Charity Commission survey found that around one in eight charities (12%) had experienced cybercrime in the previous 12 months. This is a particular concern with increasing numbers of charities moving to digital service delivery and fundraising since the pandemic; 51% of charities hold electronic records on their beneficiaries (often including very sensitive information) and 37% receive online donations.

The most common types of attacks are phishing and impersonation, both of which endanger personal data.

Worringly, the survey highlighted a lack of awareness of these risks, with just over 24% of charities having a formal policy (such as financial controls) in place to manage the risk and only 55% saying that cyber security is a fairly or very high priority in their organisation.

Is your charity doing enough to protect itself against fraud?

If you are worried it might not be then there are many resources on hand to help.

This week, 17-21 October 2022, is Charity Fraud Awareness Week; a campaign to raise awareness of fraud and cybercrime and bring charities together to share knowledge, expertise and good practice.

The campaign website provides lots of resources to help tackle fraud in the charity sector, including help sheets, on demand webinars, live events, templates, insight articles and research, e-learning, case studies and many useful links.

On cyber crime, it includes advice on simple steps even small charities can and should take to protect against cyber harms including changing passwords regularly, using strong passwords and two factor authentication, updating training and policies, making back-ups using the cloud and making sure antivirus and all other software is kept up to date.

The campaign also invites all charities to sign up to the fraud pledge to:

1. Appoint a suitable person (staff member, volunteer or trustee) to champion counter fraud work throughout our organisation.

2. Ensure that all trustees are aware of their legal duty to protect the charity’s assets.

3. Consult staff, volunteers and trustees to identify the types of fraud that threaten the charity and the ways to prevent them.

4. Create a written fraud policy and share it regularly – with staff, volunteers and trustees – so that everyone understands what fraud is and how they can help prevent it.

5. Perform checks on the individuals and organisations with whom the charity has a financial relationship.

6. Assess each year how well our fraud controls are working, taking into account new risks and making improvements as needed.

Charities need to be aware of the risks of fraud and take steps to keep their money, people and data safe. To find out more about the governance support and training we offer, including help to develop policies and procedures, please contact us at julian@almondtreeconsulting.co.uk to arrange free initial telephone discussion.