Cybersecurity for Small Charities: Essential Protection with Limited Resources

A small charity with 10 staff and a £200,000 annual income faces the same cyber threats as a large charity with 500 staff and a £50 million income — phishing attacks do not check the size of their target. The difference is that the small charity has no IT team, no security budget line, and limited time for anything that is not direct service delivery. This guide sets out the smallest possible set of controls that gives the most protection, all achievable without technical expertise or significant expenditure.

A small charity can achieve 80% of the protection of a fully-resourced security programme through five free or near-free controls that take less than a day to implement.

Five Essential Controls for Small Charities

Every small charity should implement these five controls immediately:

1) Multi-Factor Authentication on all accounts (Microsoft 365 MFA, Google MFA, and any other accounts used for charity work — free, takes an hour to set up, prevents the majority of account takeovers that enable BEC fraud and ransomware).

2) Automatic updates on all devices and software (free — enable automatic updates on Windows, Mac, iPhone, and Android; patches close vulnerabilities that attackers exploit).

3) Cloud backup for critical data (typically £5–15 per month — stores copies of your most important data offsite, enabling recovery without paying a ransom).

4) A payment verification rule (any payment to a new payee, or any change to an existing payee's bank details, requires a phone call to a known number — prevents BEC fraud regardless of technology).

5) Staff awareness (a 30-minute briefing on phishing recognition and the payment verification rule — the human controls that make the technical ones effective).

Free Resources for Small Charities

Small charities can access: NCSC Small Charity Guide to Cybersecurity (free, accessible, practical — ncsc.gov.uk/collection/small-charity-guide); Microsoft for Nonprofits (free or heavily discounted Microsoft 365 for eligible charities — includes security features); Google for Nonprofits (free Google Workspace for eligible charities); Charity Digital Skills Report resources (training resources for charity digital and security awareness — charitydigitalskills.org); and Action Fraud reporting (free support for charities that experience cybercrime — actionfraud.police.uk). Taking advantage of these free resources before spending money on commercial security tools is the right approach for small charities — the NCSC resources address the vast majority of small charity cyber risks effectively.
