Policy

Tag Archives

A Five Step Plan to Reduce Charity Fraud

Fraud is on the rise and it’s estimated by the Annual Fraud Indicator 2017 to cost the UK economy £190bn per year. Charities are far from immune. Recent cases have highlighted the vulnerability of the sector. Jonathan Orchard, Partner at Sayer Vincent, has put together a five step plan to help your charity avoid the financial and reputational damage that fraud can wreak.

Accept that fraud exists
Organisations are estimated to be losing between 3 to 8 per cent of their income due to fraud – income that won’t get through to beneficiaries. Additionally, the impact of fraud on a charity’s work, beneficiaries and reputation can be hugely damaging, so the first step towards reducing fraud is to accept it exists.

Understand your own vulnerabilities
Charities need to think like fraudsters and really scrutinise their organisation’s weaknesses and vulnerabilities. There are common areas for fraud such as payroll and expenses, payment and procurement processes, fundraising and of course cyber risks –which must all be considered.

Given the scale of cyber risks, we advise that charities should consider what information they are putting in the public domain and how that information could be used in the wrong hands. For example, publishing important contact details such as finance personnel or the names of key suppliers or senior managers on their website. Having access to these contacts makes it easier for fraudsters to engage in phishing.

Build awareness and the right culture
Fraud risks should be openly discussed internally with trustees, staff and volunteers. There needs to be clear policies around fraud, bribery and corruption that everyone understands. To develop the right culture, employees need to understand what fraud and theft means to the charity, the responsibilities of staff in managing fraud, details of any whistle blowing plan or policy and crucially, how the charity will react to fraud.

To read the full Directory of Social Change article click here.

Source: Directory of Social Change


The Difficulty of Recording Impact Accurately

Whether as a fundraiser, project coordinator or director, if you work for a charity a big part of your role is about being accountable. And this accountability ultimately comes down to one thing: impact. Now, of course, different charities will report on different aspects of impact, but fundamentally the challenge remains the same. How do you capture your impact, and why is it important?

What do we mean by impact?

As mentioned before, every charity will have different criteria by which they measure their impact. What number of organisations have you worked in partnership with? How many people have you trained or supported? How many capital projects have been delivered? How many vulnerable people will benefit? And arguably more importantly, how has it benefitted them? What changes have we seen?

This brings us to the two different types of impact: qualitative (outcomes) and quantitative (outputs). The latter deals with facts and statistics. How many people did you reach? How many resources did you provide? The former, more anecdotal approach refers to all the benefits, positives, changes and impact that are a bit harder to put a number on. It could be a quote from a beneficiary, a photo, video or case study capturing the positive effect of a project for one person in particular.

To read the full Charity Today news story click here.

Source: Charity Today


A Cloud Security Checklist for Charities

It would not be an exaggeration to call it “the cloud revolution” – cloud platforms and services such as Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platforms as a Service (PaaS) have enabled organisations of all kinds to take advantage of on-demand computing power, storage and tools that would previously be unimaginable for all but the biggest budgets.

The cloud is an absolute no-brainer for charities running digital services, websites or infrastructure, but for organisations that handle sensitive constituent and donor data, security is the first concern.

Storing data in the cloud is generally safer than keeping it locally for the simple reason that major cloud providers are held to strict standards to be able to operate, and these include being responsible for customers’ data in their datacentres. As a cloud infrastructure customer, you fortunately inherit the best practises of that vendor around policies, architecture and processes built to keep security-sensitive organisations’ data safe.

However, there are a few vital checks you should make before taking the plunge with a cloud vendor:

1. Verify your provider

A provider should be able to demonstrate their adherence to security standards and best practises by showing that they comply with industry-recognised standards.

Security schemes like ISO 27001 or certification under the government’s Cyber Essentials Scheme are good ones to look out for, but there are multiple.

The Cloud Industry Forum, a professional membership body for cloud providers, lists a few of the most common security certifications and regulatory standards on its website.

To read the full Charity Digital News Article click here.

Source: Charity Digital News


Queen’s Speech Commits Government to Online Harms Law

The Government has committed itself through the Queen’s Speech to bringing in online harms legislation to protect children and vulnerable adults from digital threats.

The protection measures, outlining tougher checks on social media platforms to prevent online abuse, had been introduced by the government in April 2019 through an online harms white paper.

In this week’s Queen’s Speech the government has confirmed that it “will develop legislation to improve internet safety for all”.

“Britain is leading the world in developing a comprehensive regulatory regime to keep people safe online, protect children and other vulnerable users and ensure that there are no safe spaces for terrorists online,” states the Queen’s Speech, which was introduced into parliament on Thursday following the Conservative Party’s general election victory this month.

It adds: “ The April 2019 online harms white paper set out the government’s plan for world-leading legislation to make the UK the safest place in the world to be online. The government will continue work to develop this legislation, alongside ensuring that the UK remains one of the best places in the world for technology companies to operate.”

The white paper measures had received the backing of a number of charities supporting vulnerable people from internet harm, in particular relating to children at risk from sex offenders.

The proposals include appointing an independent regulator to ensure tech companies have a duty of care towards their users.

To read the full Charity Digital News article click here.

Source: Charity Digital News


The Best Cyber Security Tools for Charities

Charity Digital News has taken a look at some of the best cyber security tools available to charities – from general security to password management and measures against phishing.

Charities offer the potential of rich pickings for hackers and cyber criminals for several reasons. They often store large amounts of valuable data about supporters, they may control significant amounts of money raised from those supporters, and 44% of charities don’t protect themselves with the right cyber security tools since they don’t believe they are at risk.  That may explain why 22% of UK charities faced cyber attacks last year.

Risk management

It’s also true that many charities have a limited number of IT staff, and those staff may have a small cyber security budget compared to large businesses. That means it is essential for charity leaders to deploy that budget as effectively as possible to minimising the risk of cyber security breaches by mitigating the most common vulnerabilities.

Phishing, malware and ransomware

For many charities, the most likely form of cyber attack that they will encounter is a phishing attack, which involves criminals sending out fraudulent emails. 81% of charities reported receiving phishing emails last year. These emails often contain links to websites that imitate the websites of banks and other financial institutions to enable criminals to steal login names and passwords.

They may also include attachments that are infected with viruses and other malware such as keyloggers, which steal user names and passwords from an infected computer, and ransomware, which can spread around a charity’s network and encrypt the data on all the computers it encounters. The cyber criminals then demand a ransom, usually payable in cryptocurrency, to restore the systems to working order.

Date exfiltration

Criminals may also exploit vulnerabilities in software used by charities to gain entry to the charity’s computer network. Once they have infiltrated the network they will typically search for databases and stores of valuable information and exfiltrate any useful information that they find to exploit or sell to others in the criminal underworld.

To read the full Charity Digital News article click here.

Source: Charity Digital News


Whistleblowing Reports to the Charity Commission Double in Two Years

Recently-released data from the Charity Commission for 2018-19 has shown that whistleblowers submitted 185 accounts over the year, a jump from 101 in 2017-2018 and a twofold increase compared with 88 reports in 2016-17.

Over 90% of reports come from current or former charity employees, with safeguarding, governance and fraud the most frequent concerns.

The Charity Commission report speculates that “this increase is likely to have been influenced by the high-profile nature of safeguarding incidents emerging from the carity sector this year, which may have encouraged others to come forward with concerns”.

Read the full report by clicking here.

Source: FSI


NCVO Launches New Safeguarding Tools

New Safeguarding Resources and Guides available from NCVO and a partnership of expert organisations: #SafeguardingAsOne

NCVO’s Knowhow advice site is a hub for an expert range of new online safeguarding resources. NCVO’s free online resources, launched on 7 October 2019, outline simple steps that voluntary organisations can take to ensure that they are run in a way that actively prevents beneficiaries, staff and others from suffering harm, harassment, bullying, abuse and neglect.

Safeguarding should be a core value of every voluntary organisation and considered a personal responsibility of everyone working in them, the National Council for Voluntary Organisations (NCVO) has urged.

To access NCVO’s Safeguarding Tools click here.

Source: NCVO Newsletter


New Code of Fundraising Practice

The new Code of Fundraising Practice will come into effect on 1 October 2019. This is the first major redraft of the code in almost a decade, following a consultation in autumn 2018. Improvements have been made to style, presentation, clarity and accessibility to make it easier for fundraisers, charities, exempt charities and third-party organisations to understand the standards expected of them when fundraising.

Fundraising organisations should ensure that their fundraising materials, training and policies are updated to reflect the standards in the new code. To help with the transition, the Fundraising Regulator have produced a mapping document and deletions and mergers log to show where old rules and sections have moved to, which will be available online until November 2019.

Source: FSI


Cyber Security FAQ: Why Charities Can’t Afford to Ignore the Risk from Malware

The world of cyber crime can seem murky and mysterious – cyber criminals are, after all, a faceless threat and charities are focused on the here and now, running their day to day operations and making a difference. But weapons such as malware are indiscriminate, and anyone can be stung. That is why in this article we try to shed some light on the world of malware, with help from cyber security experts Avast.

Q: What is malware?

A: Malware (short for malicious software) is a common tool that cyber criminals use to get inside devices, take control of them or steal information.

In much the same way as the common cold, malware (short for malicious software) is easily caught and always evolving. It continues getting faster and cleverer, finding new ways to access your charity’s devices or network. And just like a cold, it’s much easier to prevent it than it is to deal with its effects once it’s taken hold.

Q: Are charities at risk from malware?

A: Yes. Just like commercial organisations, charities hold valuable data that cyber criminals will trade for a high price on the black market. Malware is one common (and easy) way of stealing that data.

One in five charities were affected by a breach of their data last year, costing them an average of £9,470 to fix what could have been prevented for a tiny fraction of that cost.

But monetary cost is just the tip of the iceberg. Whether or not data is stolen or recovered, the charity sector exists on a foundation of trust. Charities simply cannot afford anything that damages their reputation in the eyes of the public, their stakeholders, service users or supporters.

Added to this, charities running a tight shift to deliver critical services to their communities and service users often rely on the use of data and computers. The resulting downtime from dealing with a malware infection is just not an option.

All of this makes malware a significant threat to charities.

To read the full Charity Digital News article click here.

Source: Charity Digital News


Five Free Efficiency-Driving Tools for Charities

Managing teams and projects is hard – especially on a tight budget. Fortunately, there are lots of free tech tools for charities which can help boost productivity, save time, and allow charities to focus on the mission.

Whether you’re communicating with teams working across multiple locations, organising the next charity fundraiser, or trying to find a date for the next board meeting, trialling some of the latest efficiency tools for charities can help, especially when they’re entirely free or offer free basic options.

See also: The best online fundraising platforms for charities click here.

Collaboration app for charities – Slack

Slack is an essential productivity tool to help charities of all sizes streamline their communication with staff, volunteers and external teams. The messaging app that allows teams to communicate in a quick, informal manner.

Comparable to WhatsApp’s improved group text messaging over traditional text messages, Slack delivers a similar service tailored for the business environment. Conversations can be direct or arranged around Teams (Finance, Service Delivery, etc.) or Projects (Fundraiser, Website Launch, etc.), documents can be shared, and users can be tagged on items so to ensure they are alerted to things key for them to look at. Slack can also integrate with a number of other tools, such as Google Calendar, Outlook, and Trello.

To read the full Charity Digital News article click here.

Source: Charity Digital News


Page 1 of 15123...Last