Your Charity. Your Data. Your Responsibility.

Written by Louise Ralston
May 8, 2025 - 4 minute read

Discover why UK charities are turning to Cyber Essentials to protect data, meet governance standards, and boost cyber resilience—especially in remote and hybrid working environments.

Why More Charities Are Getting Cyber Essentials Certified — and Why Remote Setups Need It Most

The UK charity sector is under increasing pressure from cyber threats, and remote or hybrid working models are making the risks even greater. If your charity handles sensitive donor, beneficiary, or employee data, Cyber Essentials certification isn’t just a recommendation — it’s fast becoming a baseline requirement for resilience and trust.

The Wake-Up Call: 2025 Breach Statistics

The UK Government’s Cyber Security Breaches Survey 2025 revealed alarming trends in the nonprofit sector:

  • 30% of charities reported a cyber breach in the past 12 months

  • 86% of those involved phishing

  • The average cost of a serious breach? £8,690

  • Only 75% are identifying cyber risks

  • Just 21% assess third-party/supplier risk

  • Only 39% have a formal cyber strategy in place

As charities embrace remote operations and cloud platforms, these vulnerabilities only increase.

Cyber Essentials: A Simple, Affordable First Step

Cyber Essentials is the UK government’s official certification scheme for cyber resilience. It helps protect against up to 90% of common cyber threats, making it an ideal starting point for remote charities with limited in-house IT capacity.

But how do you implement Cyber Essentials when your team is fully or partially remote?

Step-by-Step: How Remote Charities Can Prepare for Cyber Essentials

1. Appoint a Responsible Cyber Lead

Nominate a trustee or senior staff member to oversee cyber readiness — they don’t need to be technical. Their role is to ensure that essential security steps are followed and that certification stays on track.

2. Build and Maintain an Asset List

You can’t secure what you can’t see. Any device or system that accesses charity data must be tracked.

Create a basic spreadsheet with 3 tabs:

  • Workstations (laptops, desktops)

  • Mobile devices (phones, tablets)

  • Cloud services (email, CRM, file storage)

Track OS versions, update status, software compliance, and multi-factor authentication (MFA) status.

Update this list at least quarterly — team meetings are a great time to check in.

3. Conduct Remote Device Checks

All team devices must meet baseline standards. For laptops and desktops:

  • Firewalls and antivirus must be active

  • Software must be fully updated

  • Admin rights must be restricted

  • Unused or risky apps should be removed

For mobile devices:

  • Lock screens and passwords are essential

  • Devices must be up-to-date

  • Only approved apps for work use

Are you unsure how to assess devices? You can do it over a Teams call or let your Cyber Essentials Assessor guide you.

4. Enable MFA on All Cloud Services

Cloud platforms like Microsoft 365 and Google Workspace must have multi-factor authentication enabled. This is non-negotiable for Cyber Essentials certification.

Track MFA status in your asset list and ensure it’s enforced on all accounts — especially email, file storage, and CRM platforms.

5. Create a Secure Onboarding Process

Every new team member or device should start with:

  • Cyber Essentials-aligned device setup

  • Mandatory security training (passwords, phishing, safe browsing)

  • MFA-enabled access only

This avoids gaps in protection from day one and reduces long-term risk.

6. Certify with Cyber Essentials

Once your charity has completed the basic security measures, it’s time to get certified. Cyber Essentials provides:

  • Independent validation of your efforts

  • Compliance with key cyber governance expectations

  • A trust signal to donors, funders, and the public

Cyber Tec Security offers guided support, jargon-free advice, and a smooth, affordable path to certification.

7. Keep Your Asset List Updated

Security isn’t a one-off task. To stay certified and secure, schedule regular reviews, especially when:

  • New staff or devices are added

  • Roles or systems change

  • Annual recertification approaches

With attacks on the rise and cyber governance under scrutiny, Cyber Essentials gives your charity a clear, certifiable way to show accountability, build resilience, and protect your mission, no matter where your team works.

You don’t need to figure it out alone. That’s why Cyber Tec Security is here — helping charities across the UK confidently and clearly meet today’s cyber expectations confidently and clearly.

Topics: Compliance, Cyber Essentials Plus, Business Security, Cyber Security, Information Security, Remote Working, best practise, Assessment, Governance

author

More by Louise Ralston

Related articles
Would You Survive a Data Breach?

Would you Survive ? Not just recover—but truly survive the financial loss, reputational damage, and regulatory fallout that comes with a cyber attack?

Legal Aid Hack: A Disaster That Cyber Essentials Could Have Stopped.

Legal Aid hack exposed 15 years of data — a breach Cyber Essentials could have stopped. Discover how certification protects legal and public sector supply chains.

Don't need Cyber Essentials ? You're a sitting Duck!

Lets ruffle some feathers about Why UK charities are prime cyber targets!

Copyright © 2025 Cyber Tec Security
contact@cybertecsecurity.com

Cyber Tec Security is a company registered in Jersey. Registered number: 144690.
Registered office: Kensington Chambers, 46/50 Kensington Place, St Helier, Jersey JE1 1ET