Most of us with any kind of digital presence are likely to have been subject to attempted cybercrime. An email from someone claiming to be stuck on holiday, unable to get home and in need of money, is one example. Receiving junk email from companies you’ve never heard of is another, and it could happen because someone has accessed your data through cybercrime.
While there's no need to hit the panic button, cybercrime is a threat and you should take time to think about how to protect your group.
• Cybercrime is criminal activity carried out through computers or via the internet.
• Cybersecurity describes the measures you take to reduce the risk of a cybercrime being committed against you. Cybersecurity is closely related to data protection but while data protection looks at all data on and offline, cybersecurity is specifically about preventing online risks.
What are the risks?
Cybercriminals are mostly after data (to use or sell) or money, or want to make a political point or exert political influence. A leisure-time music group offers low rewards in all three of these areas. However, cybercriminals know that while the rewards are lower, targeting smaller organisations is much easier.
The sorts of things that could happen are:
• Phishing – this normally takes the form of emails trying to get information out of you or trick you into doing something, such as paying an imaginary invoice.
• Stealing data – even data that isn’t sensitive, like names and email addresses, has a market value.
• Ransom – this might sound far-fetched but a hacker taking control of your website and demanding a ransom to get it back does happen to small charities.
All of the above can cause financial and reputational damage to your organisation.
What can you do about it?
The good news is that there’s quite a lot you can do, fairly easily. It’s about having a risk-based approach. Just like closing windows, locking doors and having a security light, it simply takes a bit of common sense and effort to make little changes to reduce your group’s exposure to the risk of cybercrime.
Be aware of:
- phishing threats – they are getting increasingly sophisticated and specific, often using publicly available information about your organisation to make it seem genuine. Common sense ‘smell tests’ are good first lines of defence – if it looks or feels wrong then follow your instinct and question it.
- having (and knowing) clear internal processes in your group, and understanding how third parties (e.g. banks) will contact you, will help – if it doesn’t fit with what you expect, treat it with caution.
- passwords – we all have lots of passwords and we all get frustrated when we forget which version of which password we need. But having strong passwords, changing them regularly and not using the same one across multiple sites is important. Weak passwords are an open window.
- two-step verification – this is a fairly recent innovation and really helps online security. The most common method is sending a text message with a code to enter as well as your password. Most online sites and applications offer it now (check the settings on your website as the feature might be there but will need to be switched on).
- device management – keep computers, phones and tablets secure:
  - Use anti-virus and cyber protection software (there are good free packages available).
  - Don’t ignore security updates – software providers release them for a reason.
  - Lock screens when not in use.
  - Have security features to access the device – and different passwords to access sensitive documents held on the device.
Find out more about the simple measures that you can take to strengthen your cybersecurity:
- The National Cyber Security Centre has free online resources including a really useful 'Stay Safe Online: Top Tips for Staff' e-learning video
- The Fraud Advisory Panel has a short 10-minute video
- The Charity Commission has useful guidance
- If you’re a member of Making Music, use our Data Protection toolkit to find out more about keeping data safe