General Election 2024

Read our updates on issues relevant to charities for the upcoming election. Learn more

Protecting your charity from malware

This page is free to all

Use this page to understand how to protect your charity from malicious software.

Malicious software (malware) can be web content or software. It can harm your data and systems. The most well-known form of malware is viruses. These are self-copying programs that infect legitimate software.

Below are five free things that can help to prevent malware from damaging your organisation. They're all easy to put in place.

Install (and turn on) antivirus software

Install antivirus software on all computers and laptops. This is often included for free within newer, popular operating systems. When it is, choose 'enable' and you'll be instantly safer.

Make sure to add standalone antivirus software if you have an older operating system. Some of the free versions are as useful as paid for options.

It's not common to run antivirus software on smartphones and tablets. Almost all devices come with active protections against malware (for example, Google Protect). The way people create malware and the way software is installed on these types of devices is different. Only download from official app stores. That'll reduce the risks for most groups and organisations.

Get more advice on antivirus software and other cyber security issues from Charity Digital cybersecurity hub.

Prevent trustees, volunteers or staff from downloading dodgy apps

You should only download apps from approved stores when using mobile phones or tablets. Stores like Google Play or Apple App Store check the apps for you and provide a certain level of protection from malware. You should prevent people from downloading third party apps from unknown vendors/sources. They won't have had the same checks as those from official stores.

Staff should only have the level of access required to perform their role. Extra permissions should only be given to those who really need them. Use a standard user account for general work. Make administrator accounts so you can give extra permission as needed.

Most organisations should not allow staff and volunteers to 'root' phones and tablets. Rooting is a way of making it possible to add other apps and software in ways that were not originally intended. If you need to use rooting, make sure someone with good knowledge of cyber security puts it in place.

Keep all your IT equipment and software up to date (patching)

For all your IT equipment make sure all software and device operating system(s) are always kept up to date. Applying updates (known as patching) is one of the most important things you can do to improve security. If it's an option, set operating systems, programs, phones and apps to automatic updates.

Software and device suppliers often end their support for older models. So updates will no longer be available. When this happens you should work out how you can replace them with newer alternatives.

Control how people use USB drives (and memory cards)

Avoid USB drives or memory cards when transferring files between organisations and people. It only takes one person to plug-in an infected device to cause lasting damage.

Sharing USB drives and memory cards with many people causes problems. It's hard to track what they contain, where they've been and who's used them. You can reduce the likelihood of infection by doing the following.

  • Using antivirus tools.
  • Only allowing people to use approved USB drives and memory cards within your charity. Prohibiting their use in other devices (such as home computers).
  • Asking trustees, volunteers or staff to transfer files in other ways.
  • Blocking access to the physical ports (such as USB ports) on the devices your organisation owns.

Make this part of your policies and procedures. Then make sure people understand that it's important.

One way to remove the problem is to make it easier for staff and volunteers to share files online.

Switch on your firewall

Firewalls create a 'buffer zone' between your own network and external networks (such as the internet). Almost all popular operating systems now include a firewall, so you just need to make sure it's turned on.

Find out more

The National Cyber Security Centre (NCSC) is a good resource for larger teams. Their ten Steps to Cyber Security has more detailed advice on risks. There are sections on:

This page was last reviewed for accuracy on 02 March 2021

Back to top

Sign up for emails

Get regular updates on NCVO's help, support and services