Use this page to understand how to protect your charity from malicious software.
Malicious software (malware) can be web content or software. It can harm your data and systems. The most well-known form of malware is viruses. These are self-copying programs that infect legitimate software.
Below are five free things that can help to prevent malware from damaging your organisation. They're all easy to put in place.
Install antivirus software on all computers and laptops. This is often included for free within newer, popular operating systems. When it is, choose 'enable' and you'll be instantly safer.
Make sure to add standalone antivirus software if you have an older operating system. Some of the free versions are as useful as paid for options.
It's not common to run antivirus software on smartphones and tablets. Almost all devices come with active protections against malware (for example, Google Protect). The way people create malware and the way software is installed on these types of devices is different. Only download from official app stores. That'll reduce the risks for most groups and organisations.
Get more advice on antivirus software and other cyber security issues from Charity Digital cybersecurity hub.
You should only download apps from approved stores when using mobile phones or tablets. Stores like Google Play or Apple App Store check the apps for you and provide a certain level of protection from malware. You should prevent people from downloading third party apps from unknown vendors/sources. They won't have had the same checks as those from official stores.
Staff should only have the level of access required to perform their role. Extra permissions should only be given to those who really need them. Use a standard user account for general work. Make administrator accounts so you can give extra permission as needed.
Most organisations should not allow staff and volunteers to 'root' phones and tablets. Rooting is a way of making it possible to add other apps and software in ways that were not originally intended. If you need to use rooting, make sure someone with good knowledge of cyber security puts it in place.
For all your IT equipment make sure all software and device operating system(s) are always kept up to date. Applying updates (known as patching) is one of the most important things you can do to improve security. If it's an option, set operating systems, programs, phones and apps to automatic updates.
Software and device suppliers often end their support for older models. So updates will no longer be available. When this happens you should work out how you can replace them with newer alternatives.
Avoid USB drives or memory cards when transferring files between organisations and people. It only takes one person to plug-in an infected device to cause lasting damage.
Sharing USB drives and memory cards with many people causes problems. It's hard to track what they contain, where they've been and who's used them. You can reduce the likelihood of infection by doing the following.
Make this part of your policies and procedures. Then make sure people understand that it's important.
One way to remove the problem is to make it easier for staff and volunteers to share files online.
Firewalls create a 'buffer zone' between your own network and external networks (such as the internet). Almost all popular operating systems now include a firewall, so you just need to make sure it's turned on.
The National Cyber Security Centre (NCSC) is a good resource for larger teams. Their ten Steps to Cyber Security has more detailed advice on risks. There are sections on:
Last reviewed: 02 March 2021
Help us improve this contentGet regular updates on NCVO's help, support and services