Tips for developing cyber resilience for your charity
When it comes to maintaining a good cyber security posture, there are some easy, cost-effective wins that instantly enhance your charity’s cyber resilience:
1. Keep your software up to date.
2. Enable Multi-Factor Authentication where possible.
3. Use unique, long passwords – perhaps with a password manager.
4. Run regular antivirus scans.
5. Recognise phishing emails.
Software:
The easiest target for a malicious actor is out-of-date software or end-of-life hardware. Software updates typically include security updates, and even minor version changes can improve security drastically. End-of-life hardware, or hardware that no longer receives security updates, is also an easy target for malicious actors. Windows 10, for example, will reach end-of-life in October 2025, and systems running this operating system will then become vulnerable to malware and malicious attack.
Multi-Factor Authentication (MFA):
MFA provides an additional layer of security by requiring users to present two or more verification methods before gaining access to accounts or systems. Even if passwords are compromised, attackers would still need the second authentication factor (such as a phone-based code or fingerprint) to gain entry. This significantly reduces the risk of unauthorised access and helps keep your data safe.
Unique, Long Passwords:
Using unique, long passwords for each account helps protect against credential brute-force attacks, where cybercriminals use stolen passwords across multiple services. Long, complex passwords are harder for malicious actors and programs to crack. Password managers help by securely generating and storing these passwords, reducing the likelihood of reusing passwords or using weak, easily guessable ones.
A 12-character password with lowercase, uppercase, special characters and numbers could take hundreds of years to crack. The 540,360,087,662,636,962,890,625 unique combinations from 95 potential characters make life difficult for any opportunistic hackers.
Run Regular Antivirus Scans:
Regularly scanning your systems with up-to-date antivirus software helps detect and eliminate malware, spyware, and other malicious threats before they can cause significant damage. Scheduled scans and real-time protection are critical for identifying known threats and preventing unauthorised activities on your devices.
Recognise Phishing Emails:
Phishing attacks are one of the most common methods cybercriminals use to steal sensitive information. Training employees and users to recognise phishing emails—such as those with suspicious links, unexpected attachments, or urgent requests for personal information—can drastically reduce the risk of falling victim to these attacks. Awareness programs and simulated phishing tests can help improve detection and response to such threats.
As a sense check for when you see a suspicious email, ask yourself these questions:
· Does the email address match the content of the email?
· Does it come across as urgent or forceful?
· Can you Google search the organisation that sent the email and verify their authenticity?
· Can you check any links in the email before clicking on them?
MASS provide Cyber Essentials certification to companies and organisations at a competitive rate. This baseline cyber security standard ensures your system and policies are robust and effective against commodity threats. Contact the team at [cyber-essentials@mass.co.uk] for more information or visit our cyber essentials page.
Article by Matthew Boyle, Cyber Security expert at MASS.