The Charity Commission is alerting charities to follow protection advice issued by the City of London Police and National Cyber Security Centre (NCSC), following the recent ransomware attack.

Over 200,000 organisations, including the National Health Service (NHS), in 150 countries have been affected by the attack.

Key protection messages:

  • install system updates on all devices as soon as they become available
  • install anti-virus software on all devices and keep it updated
  • create regular backups of your important/business critical files to a device that is not left connected to your network, as any malware infection could be spread to that too
  • do not meet any stated demands and pay a ransom - this may be requested via Bitcoins (a form of digital or ‘crypto’ currency)

National Cyber Security Centre technical guidance includes specific software patches to use that will prevent infected computers on your network from becoming infected with the ‘WannaCry’ Ransomware.

Additional in-depth technical guidance on how to protect your organisation from ransomware can also be found on the NCSC website.

Phishing/Smishing

Fraudsters may exploit this high profile incident and use it as part of phishing/smishing (SMS phishing) campaigns. Charities are urged to be cautious if they receive any unsolicited communications from the NHS.

The protect advice is:

  • any email address can be spoofed - do not open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for personal/charity information or financial details
  • the sender’s name and number in a text message can be spoofed - so even if the message appears to be from an organisation you know of, continue to exercise caution, particularly if the texts are asking you to click on a link or call a number

How to report

If you think your charity has fallen victim to cyber-attack, you should report it to Action Fraud by calling 0300 123 2040, or visiting ActionFraud.

Trustees are advised to also report suspected or known fraud incidents to the Commission by emailing RSI@charitycommission.gsi.gov.uk

Serious incident reporting helps the Commission to gauge the volume and impact of incidents within charities and to understand the risks facing the sector as a whole.

You can visit Charities against fraud for advice and top tips on how to protect your charity against cyber-fraud.

 
 
 
 
The logo for Kreston International Investors in clients logo British accountancy awards finalist 2016 logo PracticeExcellence Shortlisted 2017 - Large Practice of the Year The ICAEW logo The logo for the Times Top 100 best companies to work for