How the British Red Cross takes a people-first approach to security

The British Red Cross sees cybersecurity as critical to protecting the people it serves. Here's how they help the entire organization understand that.

A businessman holds a red woolen heart surrounded by abstract binary circuits.
Palo K. / Mustafa Hacalaki / Getty Images

According the to the UK Government’s 2019 Cyber Breaches study, over half of charities with annual income of more than £500,000 had identified breaches in the previous year. Because of the public nature of charities, many of these attacks have made headlines. In January 2020, British housing charity Red Kite lost almost £1 million when attackers spoofed its domain and acquired email details of “known contacts providing services to Red Kite”.

Last year, St. John’s Ambulance was subject to a ransomware attack on its training course booking system, and the Bible Society was fined £100,000 by the ICO after attackers were able to access the personal data of over 400,000 society supporters. In 2018 Cancer Research UK was hit by a Magecart attack not long after the same attack struck British Airways.

It’s not surprising, then, that the British Red Cross (BRC) is balancing its digital transformation efforts with protecting its volunteers, staff and the people it is helping.

Securing digital transformation in charities

As a humanitarian charity, BRC aims to help people at home and abroad, providing emergency services and first aid to those in need, running first aid training courses, and helping refugees and victims of trafficking. As with many charities, the British Red Cross has undergone various digitization initiatives to keep up with how it recruits volunteers, receives donations, and helps people. However, digital transformation comes with risk.

To continue reading this article register now

Microsoft's very bad year for security: A timeline