A recent government-commissioned report, Cyber Security Among Charities, urges awareness of cyber security issues to be improved within the charitable sector. Cyber attacks pose as much of a threat to charities as to businesses, the report concludes. It recommends that charities reinforce their internal controls, rather than just rely upon a common sense approach.

Many charities interviewed expressed strong levels of concern about funds or personal data being stolen, which are seen as existential threats. However, there was less focus on threats to non-personal data, such as malicious software, despite the disruption that these can cause to an organisation’s operations.

Last year’s cyber attack on Comic Relief demonstrates that charitable organisations, large or small, are not immune to the threat of being targeted by malware or ransomware.

In the wake of the WannaCry global ransomware attack, we explore simple steps your charity can take to reduce the risk of being affected by malware such as this. It follows on from our previous online security guide, how to avoid being a victim of phishing scams.

What is malware?

Malicious software, or malware, is code, such as a virus, designed to disrupt the normal working of computer systems or mobile devices. Any exchange of data, such as opening an infected email attachment, visiting a website that hosts malware, or importing the contents of a USB stick, carries the risk of transferring malware into an organisation’s systems and services.

Malware can be used by fraudsters to capture information from systems, PCs, laptops or portable devices, or to read data entered on them, such as passwords and log-on details.

Malware comes in many forms, including viruses, worms, trojan horses, spyware and ransomware. Ransomware refers to a particular use of malware, in which a fraudster threatens to make public the victim’s seized data, or blocks access to it, unless a ransom is paid.

Warning signs

  • It can be difficult to tell that malware has compromised a system or device until it prevents the user from running applications or accessing data, so preventing infection is the best policy
  • Malware can be concealed within a wide range of sources, such as emails, web pages, pop-up advertisements and storage devices. These may contain links or attachments leading to malware-hosting images or documents which, if opened, infect your devices or systems
  • The impact of a malware infection might include disruption to the running of an organisation’s services, theft of sensitive information or loss of access to critical data
  • More often than not, malware attacks are made possible through phishing. Staff awareness of how to spot and block phishing attempts is critical to protecting your organisation from falling victim to fraud


1. Install (and enable) anti-virus software

Use anti-virus software, often provided with widely used operating systems, on all computers and laptops. If your anti-virus software detects any malware, follow its instructions to remove it, then run a full anti-virus scan afterwards to confirm that your machine is clean.

2. Train staff and volunteers on how to be vigilant

Make sure staff and volunteers are fully aware of key risk areas, such as phishing emails, deception by telephone callers, and the misuse and loss of computer equipment or removable devices. Provide a programme of briefings and training that delivers practical guidance as well as helping to establish a security-conscious culture.

3. Keep all your IT equipment up-to-date (through patching)

For all IT equipment and portable devices, keep the software and firmware installed on them up-to-date with the latest versions – a process known as patching. Wherever it is an option, set operating systems, programmes, devices and apps to automatically update.

4. Control how USB drives (and memory sticks) are used

Reduce the risk of infection from storage devices by:

  • Blocking access to equipment ports for unauthorised users
  • Using anti-virus software to keep USB drives and memory cards clean
  • Only allowing approved drives and cards to be used within your organisation (and nowhere else)
  • Asking staff to transfer files by other approved means, such as encrypted email

5. Switch on your firewall

Firewalls provide a buffer between your IT network and external networks, such as the Internet. Most widely used operating systems include a firewall, so you may just need to check that this is activated.
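The checks in steps 1, 3, 4 and 5 can be verified on a Windows 10 or 11 machine with the read-only script below. It is an added example, not part of the CAF guide: it assumes Microsoft Defender is the anti-virus in use, that USB storage is blocked by setting the USBSTOR service's Start value to 4 (one common way of doing so), and the 7-day and 45-day thresholds are illustrative choices.

```powershell
# Added example: report-only baseline check for the five steps above.
# Assumes Windows 10/11 with Microsoft Defender; run in an elevated session.
# It changes nothing on the machine, it only lists findings.

$findings = New-Object System.Collections.Generic.List[string]

# Step 1: anti-virus switched on, with recent signatures
$av = Get-MpComputerStatus
if (-not $av.AntivirusEnabled)          { $findings.Add("Anti-virus is not enabled") }
if (-not $av.RealTimeProtectionEnabled) { $findings.Add("Real-time protection is off") }
if ($av.AntivirusSignatureLastUpdated -lt (Get-Date).AddDays(-7)) {
    $findings.Add("Anti-virus signatures are older than 7 days")   # threshold is an assumption
}

# Step 3: patching - flag a machine with no Windows update installed in 45 days
$lastPatch = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch -or $lastPatch.InstalledOn -lt (Get-Date).AddDays(-45)) {
    $findings.Add("No Windows update installed in the last 45 days")  # threshold is an assumption
}

# Step 4: USB storage - USBSTOR Start=4 means USB mass-storage devices are
# blocked; 3 means the driver loads on demand (devices allowed)
$usb = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start
if ($usb.Start -ne 4) {
    $findings.Add("USB mass storage is not blocked (USBSTOR Start=$($usb.Start))")
}

# Step 5: firewall enabled on every profile (Domain, Private, Public)
Get-NetFirewallProfile | ForEach-Object {
    if ($_.Enabled -ne 'True') { $findings.Add("Firewall is off for the $($_.Name) profile") }
}

if ($findings.Count -eq 0) {
    Write-Output "All checks passed"
} else {
    $findings | ForEach-Object { Write-Output "FAIL: $_" }
}
```

Each "FAIL" line points back to the numbered step it belongs to, so the output doubles as a to-do list for whoever looks after the charity's IT.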


CAF's security centre provides more tips about how to protect yourself and your accounts from fraud.

If you suspect your organisation’s bank accounts have been exposed to fraud or cyber attack, please call our customer service team on 03000 123 456 or email

If you believe your organisation has become a victim of fraud of any kind, please report it to the Action Fraud helpline.

External sources of online security guidance

The following links are to external websites offering further coverage of this topic. CAF has not reviewed, does not control and is not responsible for these websites, their content or availability.