Skip to main content

Charity workers most at risk from phishing

(Image credit: Image Credit: Geralt / Pixabay)

UK charities are leaving themselves exposed to phishing attacks due to a lack of proper security training, a new report has claimed.

Research from cybersecurity firm Tessian found that charity workers are some of the most likely to fall victim to online scams due to a lack of security knowledge.

Tessian found that just 11 percent of charity employees say they regularly receive training about cyber threats on email, and just over a third (37 percent) saying they have never had any training on spotting or dealing with email security threats. 

This is despite the number of data breaches in the charity sector doubling over the last two years, with a recent DCMS report claiming that one in five charities experienced a cybersecurity breach last year - the vast majority of which resulted from a phishing email

“When you consider the wealth of certain charities and how much valuable donor data they hold, such as the personal data and payment information of high net-worth individuals, it is little wonder why hackers target this sector," said Tim Sadler, CEO at Tessian.

"Through sophisticated phishing attacks, criminals can not only cause significant financial damage but they can also erode public trust in the charity and potentially expose donors’ private interests. With so much at stake, and as phishing attacks grow in frequency and severity, charities need a more proactive approach to email security training.”

It isn't just charities that are at risk, though, as  overall, Tessian found that just one third of UK employees (34 percent) say they regularly receive training about cyber threats on email. 

Over a fifth of respondents (22 percent) say they've never had email security training at their company, with a similar amount (26 percent) say they received training when they first joined but have had nothing further since. 

Even of those that do receive training, just 22 percent said they remembered the knowledge they were given, showing that companies need to ensure their training is much more effective going forward.