Charity IT latest
Getting your IT right is crucial for charities. So for articles on the use of IT for charities ranging from admin to marketing, click on the headline links below.
Click on the headlines of your choice.
It’s an unfortunate reality that the charity sector is an attractive target for cyber attacks. Criminals are unscrupulous in choosing their targets and can all too easily take advantage of charities, and their supporters, for their own gain.
There is a huge black market in user credentials - login details and other personal information – which are bought and sold online. Cybercriminals can get their hands on this information in a number of ways. This includes stealing directly from the charity or a partner, or using credentials leaked from third party sites which are then reused to attack a charity or its supporters.
The fact that people often reuse usernames and passwords, across multiple systems, makes matters particularly easy for criminals.
To protect themselves and their data, charities must monitor the internet for any potential threats, even before they happen. The ability to detect leaks of personal details it holds on donors, volunteers, beneficiaries, or employees, appearing outside its own network should be a priority, as well as uncovering the tell-tale signs that an attack on their organisation could be imminent. Finally, charities must also monitor their own networks and practise good cyber hygiene that could deny cybercriminals entry.
Why criminals target charities
The average cybercriminal is primarily focussed on making money and will look to target assets that achieve this goal. They might directly try to steal funds or hold a charity to ransom, crippling services and only restoring them upon payment of a large sum of money. What’s most likely to be their main target is the Personally Identifiable Information (PII) of supporters which they can access by targeting the employees. Charities are a goldmine of this data, holding the PII of thousands, if not millions of individuals. This can be used by cybercriminals in a number of ways to make money.
Once they have the financial details of donors, the fraudsters can use these to steal cash directly from their bank accounts. Another method they use is to imitate the charity and email the donor directly, using the stolen information, to request more funds, known as phishing.
This can be very effective as the person targeted has already shown an interest in the charity and a willingness to donate, so asking for more money won’t seem unusual and is likely to produce results. Criminals are skilled at using techniques which prey on the trust and goodwill of donors and compel them to make emotional decisions by clicking on links that look genuine.
The emails are made to look very convincing, often using the same branding and messaging and, through the use of a technique called typo squatting, they set up fake sites which are made to look like the legitimate charity. For instance, if the actual domain is anycharity.org.uk they might use anycharity.com or anycharitydonations.org.uk.
This is particularly pertinent over the coronavirus crisis, which has seen people more willing to help out good causes. For instance, criminals were found by the FBI to be masquerading as collecting donations for the American Red Cross but were in fact lining their own pockets. According to DomainTools, which scores a domain on how likely it is to be malicious, 150,000 suspicious coronavirus-related domains have been registered since the start of the pandemic.
Staff working for charities can be a particular target for phishing attacks, which attempt to trick employees into clicking on links. This is in order to obtain their personal information, or gain access to the staff member’s email account. They can send emails from them which appear legitimate convincing others to send money to new accounts or to commit other types of fraud.
Cybercriminals often target charity workers for their credentials so that they can access charity databases rich in donor data. Recent research shows that more than 8 out of 10 charities have reported that their staff have been targeted in phishing attacks.
Finally, they could sell the information online to other cybercriminals. Once they have their hands on this valuable data, they will try to sell it where they can. These are likely to be on forums on the Open and Dark Web, as well as websites like Pastebin that allow users to post information anonymously in plain text. The Dark Web is the hidden part of the internet, not indexed by conventional search engines such as Google or Bing, which cybercriminals use to get around law enforcement to buy and sell personal data.
Charities also need to look out for employees reusing the same – or similar - corporate login credentials to access other third party sites. If these sites are breached, then the staff member may have inadvertently given the hackers all they need to break into the charity’s own IT network.
Need to protect data
Suffering a data breach is serious for any organisation. Yet for charities, whose success is built upon their reputations and the goodwill of supporters, the loss of any sensitive information can be devastating. Many charities provide services for vulnerable individuals, where leaks of data could result in serious physical or emotional harm. Any organisation is at risk - often it’s simply down to hackers taking a chance and testing out credentials from another unrelated breach, and discovering they can be used to target a charity.
This opens charities up to the risks of phishing attacks, identity theft and even having funds taken directly from their accounts. As such, trust in their brand will undoubtedly be damaged if data is found to have been traded by cybercriminals online. This is likely to have a knock-on effect for the charity’s funding as research from The Charity Commission has found that people are nine times less likely to donate to a charity they deem untrustworthy.
There is also the consideration that any data breach could land a charity in trouble with the regulators. The EU’s GDPR stipulates that organisations must have appropriate mechanisms in place to protect any PII in its possession. Failure to do so could result in the organisation having to pay a large fine.
These issues are made worse by the fact that time and resources are in limited supply and volunteers are often relied upon to help deliver services. This can add to the risk exposure, and so requires making sure that helpers and temporary workers, as well as permanent staff, are all up to date with the latest data privacy regulations and have regular training on how to keep information safe. This can be a huge task.
The Covid-19 crisis has without doubt made the situation worse. Charities are also facing a funding crisis never seen before. Those wanting to survive are likely to cut back where they can, which could mean IT security is reduced. This will also be made worse by trained professionals being furloughed, or those who are still working having to do so remotely with varying degrees of cybersecurity.
Protecting your charity
Any organisation needs to make the best use of resources and charities, in particular, have to be careful to get the best possible value from cyber protection. To help them out, the UK Government has created a guide which outlines five key areas that charities must focus on to keep their data safe. These are: backing up data; protecting against malware; keeping connected devices safe; using passwords to protect data; and avoiding phishing attacks.
Much of this advice focuses on simple actions charities can take using protection they already have access to or putting in place procedures to protect information. This includes basics such as turning on firewalls and anti-virus software, as well as changing default passwords. Having a unique password for every user and for every protected asset they use is a cyber security fundamental. A good way to secure credentials is through a password manager, which will generate and store uncrackable passwords.
Another simple step charities can take is to regularly download and install the latest updates for all their operating systems and applications. These will provide security patches for any vulnerabilities in the software that could be exploited by threat actors.
Early warning systems
Taking steps to prevent a data breach, or limit the impact of one, needs to be a priority for charities if they want to avoid damaging repercussions. The key to this is monitoring.
Monitoring the internet for early warning signs of an attack will help charities focus their defences. This monitoring should include detecting if there has been any chatter on social media sites or forums used by cybercriminals that might indicate an attack is imminent. There is also the need to identify stolen information that might appear on the Open and Dark Web. However, accessing sites that are exclusively the domain of cybercriminals requires specialist help.
Charities need to be certain whether any information which appears online is theirs so that they can take swift and decisive action if necessary. This can be difficult as there could be thousands or even millions of credentials to examine. To this end, the use of “synthetic” identities and watermarking data will help to pinpoint whether any information has leaked outside the organisation.
The idea is to mix in specifically created fake credentials, including emails, with real data. If these synthetic identities appear anywhere they shouldn’t, a charity will know with absolute certainty that there has been a data breach.
The consequences of a cyber incident can be costly and far reaching. Criminals are capitalising on global events to make financial gain, yet there are ways to minimise risk and close security gaps.
By keeping a watchful eye on their own data and putting systems in place which can forewarn of potential attacks, charities can prevent the goodwill of their supporters from being exploited.
"Having a unique password for every user and for every protected asset they use is a cyber security fundamental."
We all know how important it is to demonstrate impact to donors. This can be achieved in terms of the number of projects funded and various measures of change delivered. But what about productivity? How do you and your donors know that your charity is working in the most efficient way, and trust that time is not being wasted either knowingly or unknowingly?
Just like any business, smooth administration and good organisation are a necessity for charities, but in today’s digital world processes can quickly become outdated. A rapidly growing inefficiency is the poor management of digital content – or to put it in everyday language – the organisation of the thousands of folders and files in your charity.
Let’s rewind a decade. Yes, having a high performance website, a strong marketing engine across several channels and a good grasp of social media were all imperative. But no matter the charity, none were dealing with anywhere near the same volume of content as they do today. The proliferation of smartphones, tablets, apps, high speed internet, social media, and video – not to mention the swelling of email and brands’ constant battling for our attention – have changed the way we live and work.
Charities didn’t produce, nor monitor, nor manage the same volume of digital content as they do today. And nor did fundraisers or other partners. In a relatively short space of time things have exploded!
“So what?” I hear you ask.
Much time lost
Last year, UK market research specialists Sapio looked at the impact of digital content on marketing teams of all sizes. The survey found that an average of 13 days per team member is lost every year due to hunting for digital assets and filing content. From images and graphics, to videos, presentations, documents, spreadsheets and design files – charity teams have to handle an ever-increasing volume of digital assets.
Typically charities have small marketing teams, but have to manage a huge volume of visuals. For example, photographs and clips are regularly sent in from all over the country or around the world. Keeping on top of this, and being able to find all these files quickly at a later date has become burdensome.
It’s typical for teams to use shared servers or Dropbox-style services and content is often not centralised to be contributed to or accessed by staff in multiple locations. It can also be a struggle to share the right assets with the press, as well as important donors. And how can you keep a live log of who has downloaded these without increasing admin?
Digital asset management’s role
The importance of being able to demonstrate impact to donors is critical for a charity. I speak from personal experience here as I previously worked in procurement for the RSPCA. Impact consistently had a bearing on our decision-making criteria.
Adopting software – especially that which has already been popularised in the commercial world – can help you to demonstrate you are forward-thinking and investing for long term gain and support recruitment of new talent who expect these tools in the workplace. Furthermore, it can have an immediate positive impact on performance, contributing toward the enhanced output of a team for all to see.
Digital asset management (DAM) does this. It is dedicated software to help you consistently store digital assets online, so they can easily be found and shared. It makes life much easier for internal teams and enables fast, secure access for outside parties too. This could include volunteers and partners, as well as suppliers and venues.
Working in the same way
Managing files in this way requires everybody within the charity, and even your outside partners, to work in the same way so that the security, organisation and searchability of digital assets is consistent. It empowers everyone to quickly find what they’re looking for, saving long searches and the distraction of colleagues, meaning more time is spent focused on what really matters.
As a result, a wide range of charities are currently adopting DAM. These range from youth-focused organisations such as the Scouts, through to research organisations like the Institute for Cancer Research. No matter whether you’re the World Health Organisation or a community-based charity, today’s DAM can help unleash your team’s full potential.
Cost viability for a charity
While digital asset management (DAM) software has been around in different guises for many years, its shift from on-premise installation to the cloud has opened up use to many more organisations including charities. The evolution to web browser-based SaaS (Software-as-a-Service) means you no longer have to host the software on your own server, nor bear responsibility for infrastructure and updates.
But hold on – what on earth does this mean for the untechnical majority of us? Well in the past, DAM was very much the preserve of big corporate organisations which could afford to implement such software across their staff computers. It required an on-site IT team to install and then update this on a continual basis. Smaller and cost-sensitive organisations faced a huge barrier.
New cloud-based DAM changes the game – now any charity can benefit from state-of-the-art DAM functionality at an operationally viable price point.
There is no need for IT support, nor any requirement to make latest security or version updates. All your files are secure and accessible online and it’s very simple to use without the need for training to get started.
Anyone can download the software and be granted appropriate access to save, search and share files. Being a web browser-based tool makes it far more accessible, particularly for charities with dispersed teams or fundraisers using their own computers, and it relieves pressure on your own IT network.
A benefit of SaaS is that it’s often subscription-based and pricing is dependent on several factors, including how many users will benefit from the tool. This makes it a viable solution for charities of any size. Another advantage of SaaS is that as new features and functionality are regularly added, users have immediate access to these.
Advantages of DAM for charities
FAST SETUP. A typical barrier to introducing new software is the internal education process needed to ensure successful adoption. Modern digital asset management offers an intuitive user interface meaning most can use it right away with little or no training. With easy importing you can easily move content from a shared server into your DAM library in minutes.
GET EVERYONE WORKING IN THE SAME WAY. No more saving to desktops, shared servers or bulging Dropbox and Google Drive accounts. DAM software requires everyone to save files in the same secure way, to be discoverable by others. And when new staff or volunteers join, it immediately supports knowledge sharing. Existing assets can easily be found by new joiners, avoiding duplication of effort. Everybody can see the latest versions of files in real-time to assist version control and avoid duplication of files.
PROVIDE SECURE ACCESS TO THIRD PARTIES. You may work with agencies, freelancers and volunteers. And you may at times scale up your team thanks to funding injections from significant donations or grants, and therefore bring in temporary staff to provide extra resource or expertise. Sharing the correct files these people need can be time-consuming. It may not be appropriate to grant full access to a shared drive or folder, but neither is it desirable to have to regularly split files into multiple folders.
Approved access only
With DAM, admins can allow an approved individual or team access to only the assets you require them to have. Not only is this quick, it helps maintain the security of assets, especially around campaign launches or private fundraising activities.
INTEGRATED TECHNOLOGIES. Searching for files and filtering results has been revolutionised by using tags, keywords, custom fields and metadata. Being able to search by file size and other factors – for example, by which photographer, designer or document creator – also speeds up searches. Facial recognition technology means you can, for example, find every picture featuring a particular ambassador in an instant, no matter how many different locations these were originally saved in.
Google Chrome and Microsoft Office plugins let your users search your media library without leaving their browser-based email, document or presentation. Integration with design programmes, including Adobe Photoshop and InDesign, allows faster editing. File saves are synced with the centralised DAM storage system, so everyone else immediately has access to the latest version. Daily workflow time-saving quickly adds up.
WHITE LABELLING. Customising the appearance of your DAM platform with your charity’s own branding is very popular. This means your files reside in what appears to be a natural extension of your internal intranet or external website, rather than being hosted by a third party such as Google, Dropbox or WeTransfer. Furthermore, charities can easily create branded portals for media and supporters to download campaign materials.
Software easy to introduce
You can be up and running with a DAM solution in hours. Easy importing allows you to effortlessly upload content from your shared server and other locations into your new online DAM library. A good setup example is facial recognition. You can tag one photograph with the individual’s name, and then be amazed as the technology does the work and instantly finds all photography featuring that person.
A common concern is the time it can take to train staff to use new software, but the best DAM providers offer an intuitive user interface, meaning most people can use it right away with little or no training.
DAM software is hosted on the likes of Amazon Web Services. This not only ensures excellent security and reliability, but means storage capacity can grow with your business requirements. Once DAM is introduced into a charity it’s often adopted widely once the benefits are clear for all to see.
Seamless to integrate
As you consider what new technology and software will make the greatest difference to the performance of your team, consider: what will be seamless to integrate; what can be used immediately by all; and what can naturally scale with your operations? The more productive your team can be, the more effective both your fundraising and subsequent delivery – and ultimately, the greater the impact on your cause. If donors see the results of greater productivity for themselves they’ll know the charity they support is a very well managed one.
"Typically charities have small marketing teams, but have to manage a huge volume of visuals. "
"All your files are secure and accessible online and it’s very simple to use without the need for training to get started. "
"DAM software requires everyone to save files in the same secure way, to be discoverable by others. "