Conchita Garcia, head of special projects for the FSI, discusses the importance of cybersecurity education within the UK’s small charity sector.

On March 1, the UK’s National Cyber Security Centre (NCSC) launched a new guide designed to help small charities improve their cybersecurity.

The publication includes a range of best practices to help charities shore up their digital defenses – quickly, easily, and at little to no cost.

In her foreword to the guide, Helen Stephenson, chief executive of the Charity Commission, notes that charities are not immune to cybercrime, as perpetrators do not distinguish between their victims.

“That is why everybody involved with charities… has a role to play in protecting the charity sector from cyber-related harm,” she said.

One organization that holds a strong interest in helping charities protect themselves against cyber-attacks is the Foundation for Social Improvement (FSI), which offers training, advice, and other services to its small charity members across the UK.

According to Conchita Garcia, head of special projects and communication at the FSI, the newly published guide will help charities push through with their own cybersecurity awareness initiatives.

“The FSI’s Small Charity Index recently showed 63% of small charities include IT security and data protection on their organizational risk register, yet only 20% have carried out cybersecurity awareness raising activities for staff or volunteers, which leaves a potential gap of vulnerability,” Garcia told The Daily Swig.

Echoing the sentiments of the Charity Commission CEO, Garcia said: “Just because [charities] are carrying out valuable work saving lives and supporting communities, they are not immune to cybercrime.

“In fact, as charities they may be more at risk as criminals are looking to take advantage of a perceived trusting nature of those working within charities and the budget restraints many small charities have to support IT functions.”

Essential guidelines

When asked if the FSI had received any reports of hacks against its member charities over recent years, Garcia said: “Anecdotally this is something that we have come across when speaking to our members at the training events and conferences we deliver across the country.”

“We ourselves have also experienced it with phishing emails appearing to come from trustees asking for money transfers, as well as attempts at hacks on our website.”

She added: “We are lucky enough to have the policies and processes in place to help protect our charity, but we know that not all small charities are in the same situation. Especially when demand for support is so high, these charities may not even have the time to check for the obvious signs of phishing.”

In an effort to help maximize the reach of the NCSC’s cybersecurity guidelines for small charities, the FSI is hosting free webinars and training events featuring guest cybersecurity experts.

“The potential implications of an attack on a small charity could be devastating with access to their IT systems lost or funds stolen,” Garcia warned.

“With our Small Charity Index also showing more than a third of respondents are concerned about the security of their organization’s IT, but 49% do not have plans in place to improve the security, the measures within the guidelines are essential to keep charities safe and we would urge all small charities to take action.”


Small charities can benefit from the FSI’s free and heavily subsidised support program by signing up as a member on the organization's website. Membership is free and will provide access to the FSI’s full activity programme of training, conferences, online learning opportunities, and the annual Small Charity Week campaign.