Olivier Reuland
White Hat Consulting
Pragmatic Information Security and Privacy Expert

Pro Bono Work

Helping charities fighting off the bad guys.

privacy
security
pro-bono

Reading time: 2 minutes - 481 words

Attackers aren't picky. They don't stop because their victims are a school, a hospital or a charity.

Like others, charities face many risks when protecting their customers' personal information and safeguarding against various scams. But unlike others, charities often don't have the means to defend themselves.

I give back some of my time to help by doing pro bono work for a few charities. Don't hesitate to reach out, whether it's a simple question or a more significant issue. I can't help everyone, but I'll try to point you in the right direction if I can't do more

What are the risks?

Charities are under attack, as we can see in recent incidents against Save the Children, or more than 140 charities and community organisations across the island of Ireland and the UK.

  • Theft of Personal Information: Charities are highly likely to collect personal information about their customers, donors, and volunteers. This data is sold on the dark web and used to scam or blackmail the victims.
  • Ransomware Attacks: Ransomware attacks are a growing concern for charities. These attacks involve cybercriminals encrypting a charity's data and demanding payment for the decryption key.
  • Scams: Charities are not immune to scams, ranging from financial fraud to phishing attacks. Attackers can target the charity's funds or financial details of donors, for example.-

What is at stake?

This depends on the intentions of the attacker.

  • Harm to people in cases where the attacker accessed sensitive personal information such as health or financial details.
  • Impact on operations, for example if funds have been stolen or services used by the charity to run its operations are not usable.
  • Ability to raise funds if the attack has tarnished the charity's reputation, or during the incident.
  • Legal repercussions for board members and executives if they haven't met their legal obligations, such as those mandated by the New Zealand Privacy Act.

What can charities do?

  • Follow good security practices
    • Use separate accounts, unique passwords and multi-factor authentication (MFA).
    • Regularly update software and security measures.
    • Educate staff and volunteers about good cybersecurity practices.
  • Protect personal information
    • Only collect personal information that is necessary for your operations.
    • Store personal information securely and limit access to authorised personnel.
    • Delete information you don't need anymore.
  • Learn to identify scams
    • Educate staff and volunteers about common scams and how to identify them.
    • Implement strong authentication measures for financial transactions.
    • Regularly review financial statements and monitor for suspicious activity.
  • Fend-off ransomware attacks
    • Educate staff about ransomware and how to avoid falling victim to it.
    • Regularly back up your data and store it offline.
    • Know what to do and whom to contact for help in case of a ransomware attack.
  • Seek assistance
    • Ask me for help, or others.
    • Reach out to law firms and other professional organisations that offer pro bono services.
    • Attend free webinars and workshops offered by the government or other well-minded organisations.