Prevention is better than cure: Charity fraud and cyber security

“For most charities it is now a question of when, not if, they are targeted”. These are the sobering words of the Charity Commission speaking of fraud in their recent publication “Tackling Charity Fraud”. Fraud is already thought to cost the charity sector around £2.3bn per year and although thankfully, fraud is still rare in churches, it is not unheard of and at Stewardship we have come across too many for trustees to become complacent. To use one example, a long standing trustee and church member was responsible for administering conferences. He handled this by himself with no one else involved. He “borrowed” around £12,000 to help him through a personally difficult time but did not, and could not, repay it.

The Commission adds that charities are sometimes seen as soft targets and so it is important that fraudsters and the general public see that fraud is being taken seriously.

So what is in the guide?

A good deal of the guide appears to be aimed towards larger charities, but that is not to conclude that smaller charities are not at risk. It certainly highlights practices and procedures that smaller charities and churches can use effectively.

Tackling cybercrime

The guide suggests that the term cybercrime is often misunderstood to mean highly sophisticated targeting including ransomware and hacking, but goes on to say that in the main cybercrime is more likely to be low-tech “cyber-enabled” crimes like theft and forgery.

The report offers some straightforward advice to protect against cybercrime including:

• Strengthen passwords. The latest research suggests that longer passwords (16 characters or more) are more difficult to crack;
• Use a firewall to block unauthorised access;
• Always install software updates;
• Use anti-virus software and keep it up-to-date;
• Backing up your data away from your main computer;
• Controlling how USB drives and memory cards are used;
• Check for obvious signs of “phishing” within e-mails received;
  • Look for spelling and grammatical errors;
  • Is it addressed to you by name or as “dear friend” or “valued customer”;
  • Is it simply too good to be true;

A separate guide “Cyber Security: small charity guide” explains the background to some of the more common cyber related threats and provides a series of tips in many of the areas listed above.

Protecting your information

A data breach can do very significant damage to a charity’s reputation so it is important that churches know what information they hold and why they hold it, and whether in paper or electronic form, that it is stored securely. Interestingly, most breaches are people oriented, (e.g. the theft or loss of papers) rather than system oriented, but with the recently arrived GDPR, this cyber guide is also a useful tool to help you keep electronic data secure.

Common charity frauds

The report highlights common charity frauds and how to prevent them.

Grant fraud

Most churches will have good relationships with those people and organisations which it provides grants to. However, there may still be times when grants are provided to organisations less well known to the church. Here, the advice is simple; do your due diligence. Find out who it is that is requesting the grant and be sure that church funds are reaching their intended targets.

Banking fraud

This is predominantly referring to fraud where banking details have been obtained by the fraudster and used to transfer money out of the charity’s bank accounts. Once again, by following simple steps the chances of this can be reduced.

• Don’t give out banking details over the phone or online unless you are certain that you are speaking to the properly authorised persons;
• Beware of “cold calls” asking for banking details;
• Beware of cold calls from computer software or internet providers claiming that there is some kind of fault with your computer;
• Take care when suppliers change their account details;

Proper banking controls are important in all churches and charities. Please see our paper “Financial controls in churches and small charities” for more information.

Staff and volunteer fraud

The report does not cover the possibility of staff or volunteer fraud, but as unpalatable as it may be these things can, and do, happen in churches. All churches should have simple controls in place, in part to protect the church’s assets and in part to protect people and reputations.

Accountability is not the enemy of trust and neither is good administration the enemy of generosity; but both are essential elements of financial wisdom.