How Safe is Your Church or Charity From Scams and Cyber Risk?

August 15, 2019 - 10 minutes read

International Scam Awareness Week for 2019 was held from 12th to 16th August. This event raised awareness about cyber risk and scams and provided tips for improving online security.

Scams and cyber crimes are becoming increasingly sophisticated and clever. ScamWatch predicts that Australians will lose record amounts in 2019 – as much as half a billion dollars or more in total.

How vulnerable is your organisation?

Unless you hand-write cheques, keep manual records and have no access to the internet, then it’s almost certain that you are exposed to cyber risks.

Scams and cyber crimes can also happen to any organisation – not only businesses. Any organisation that uses online banking is especially vulnerable.

In many ways scams and cyber risks are far more underhand than the more tangible “old-fashioned” risks such as burglary, vandalism, fire and liability. This is because hackers and other cyber criminals can go under the radar if you’re not switched onto them. They can bypass your usual security systems (such as locked doors) and gain access into your organisation through surreptitious means.

The risks from cyber threats can include loss of data and information, intellectual property theft, banking credentials and identity theft, privacy breaches, financial losses, reputational damage and more.

Any church or charity that collects the details of other people or organisations also has an obligation to keep that information safe and prevent data breaches.

Read on to find out more on cybercrime and how you can protect yourself and your organisation.

What is cybercrime?

According to the Australian Criminal Intelligence Commission (ACIC) cybercrime consists of “crimes directed at computers or other technologies” (e.g. hacking), or where these technologies “are an integral part of an offence” (such as online fraud).

Examples:

  • Phishing – emails or SMS messages that look official, but request personal or banking information from you or contain infected links or attachments. Tax scams often operate this way.
  • Malware – catch-all phrase for malicious software designed to cause harm. Malware can include spyware, worms, trojans and viruses.
  • Ransomware –  malware that prevents you from accessessing your data or computer until you pay a ramsom, often in cryptocurrency.
  • Adware – software that delivers content that looks like ads, encouraging you to buy goods.
  • Remote access scams – where someone messages you telling you that your computer has a problem which they can fix for you.

Losses from cybercrime

According to ScamWatch, Australians lost $16 billion in the last year due to identify theft and loss of banking information. That’s just what has been reported however – so in reality it could be far worse.

In addition, during 2018 businesses reported 5,800 scams with total losses of $7.2 million . However, ScamWatch says the real loss figure is likely to be closer to $60 million.

Investment scams cause the highest losses for Australians. These includes fake lotteries, pyramid schemes, and cryptocurrency rorts.

Stay Smart Online also reports that 59% of Australian organisations experience cyber breaches every month, and that 80% of breaches that involve hacking are caused by weak or stolen passwords.

How scammers operate

There are various ways that cyber crooks steal information, such as through the following:

  • fake ads, quizzes, surveys and messages;
  • mining information about people from their social media pages;
  • impersonating payment recipients (e.g. your suppliers) by email, claiming to have new bank account details for payments;
  • impersonating legitimate organisations; and
  • false billings – such as fake invoices or subscriptions.

There are certain signs that a message or offer could be a scam. These include where it:

  • makes attempts to gain your trust – such as claiming to be a from well-known organisation (e.g. the ATO) or to be one of your contacts;
  • creates a sense of urgency;
  • either makes offers that seem to good to be true or issues threats;
  • asks for personal or financial information; and / or
  • requests payments by unusual methods, such as gift cards or Bitcoin.

It’s important to be aware of the signs and to avoid engaging with scammers, and to avoid opening any links or attachments you are not sure about. Legitimate organsations will also never ask for your login details or passwords to websites or banking platforms so if that happens, it’s almost certainly a hoax or scam.

12 Tips for improving cyber protection

The best ways to protect yourself against scams is through awareness and taking steps to prevent them in the first place.

Here’s how.

  1. Create strong passwords and change them often. Better still, use passphrases instead – these are strings of words that are easy to remember but hard for others to guess. Also, avoid using the same password or phrase for everything.
  2. Consider using 2-factor authentication when logging in to sites – such as a message to your mobile and a password combined.
  3. Always use dual authorisations when doing online payments.
  4. Use only secure sites – especially when making payments. These display ‘https’ (rather than just http) and a locked padlock symbol in the browser bar.
  5. Switch on auto-updates for operating software, as older versions can have security problems. Recently for example, users of older Windows versions were advised to update their software immediately.
  6. Install firewall and antivirus software, and run scans regularly.
  7. Do regular backups of your data. Even if you back up to the cloud, it’s a good idea to keep a copy on an external device such as a portable hard drive.
  8. Keep up with your bookkeeping and bank reconciliations – as this helps you to be alert to suspicious activity on your accounts.
  9. Lock or shutdown your computers after hours and when not in use.
  10. Keep your websites maintained and secure through a reputable IT company.
  11. Create workplace policies and procedures regarding internet use – such as social media guidelines and setting of password controls.
  12. Train your staff members and volunteers to recognise the signs of scams and to report any suspicions they may have.

Insurance and cyber risk management solutions

You should also ensure your cyber insurance is up-to-date. To cover your organisation from a multitude of cyber liability and financial risks through church insurance, not for profit insurance, or insurance for charities, get in touch with us at 13 000 FAITH or by email. We can also help you with a range of risk management solutions for your organisation.

Summary

The above might sound like a lot, but it’s really not all that onerus. In a nutshell you just need to:

  • practice good risk management and online security regarding access, payments and use of the internet;
  • learn to recognise the signs of a scam and to not engage;
  • train your staff in online security and recognising, avoiding and reporting scams; and
  • financially protect your organisation through church insurance or insurance for charities.

By following these tips you will hopefully avoid being scammed or hacked. However if you do become the victim of a scam or cyber event, you should report it to the Cyber Security Centre (see link below) and tighten up your security. If you are insured with Faith Insurance, see the Members page for information on how to lodge a claim for losses.

Useful links for help and more information

Stay Smart Online – how to protect your business and recover from scams

ScamWatch – latest scam alerts

Australian Cyber Security Centre – for scam information and reporting

Faith Insurance – further articles on cyber risks and security

Written by Tess Oliver

 

 

 

 

 

 

 

 

 

 

 

Tags: ,