Your Charity. Your Data. Your Responsibility.

Written by Louise Ralston
May 8, 2025

Discover why UK charities are turning to Cyber Essentials to protect data, meet governance standards, and boost cyber resilience—especially in remote and hybrid working environments.

Why More Charities Are Getting Cyber Essentials Certified — and Why Remote Setups Need It Most

The UK charity sector is under increasing pressure from cyber threats, and remote or hybrid working models are making the risks even greater. If your charity handles sensitive donor, beneficiary, or employee data, Cyber Essentials certification isn’t just a recommendation — it’s fast becoming a baseline requirement for resilience and trust.

The Wake-Up Call: 2025 Breach Statistics

The UK Government’s Cyber Security Breaches Survey 2025 revealed alarming trends in the nonprofit sector:

  • 30% of charities reported a cyber breach in the past 12 months

  • 86% of those involved phishing

  • The average cost of a serious breach? £8,690

  • Only 75% are identifying cyber risks

  • Just 21% assess third-party/supplier risk

  • Only 39% have a formal cyber strategy in place

As charities embrace remote operations and cloud platforms, these vulnerabilities only increase.

Cyber Essentials: A Simple, Affordable First Step

Cyber Essentials is the UK government’s official certification scheme for cyber resilience. It helps protect against up to 90% of common cyber threats, making it an ideal starting point for remote charities with limited in-house IT capacity.

But how do you implement Cyber Essentials when your team is fully or partially remote?

Step-by-Step: How Remote Charities Can Prepare for Cyber Essentials

1. Appoint a Responsible Cyber Lead

Nominate a trustee or senior staff member to oversee cyber readiness — they don’t need to be technical. Their role is to ensure that essential security steps are followed and that certification stays on track.

2. Build and Maintain an Asset List

You can’t secure what you can’t see. Any device or system that accesses charity data must be tracked.

Create a basic spreadsheet with 3 tabs:

  • Workstations (laptops, desktops)

  • Mobile devices (phones, tablets)

  • Cloud services (email, CRM, file storage)

Track OS versions, update status, software compliance, and multi-factor authentication (MFA) status.

Update this list at least quarterly — team meetings are a great time to check in.

3. Conduct Remote Device Checks

All team devices must meet baseline standards. For laptops and desktops:

  • Firewalls and antivirus must be active

  • Software must be fully updated

  • Admin rights must be restricted

  • Unused or risky apps should be removed

For mobile devices:

  • Lock screens and passwords are essential

  • Devices must be up-to-date

  • Only approved apps should be used for work

Unsure how to assess devices? You can do it over a Teams call or let your Cyber Essentials Assessor guide you.

4. Enable MFA on All Cloud Services

Cloud platforms like Microsoft 365 and Google Workspace must have multi-factor authentication enabled. This is non-negotiable for Cyber Essentials certification.

Track MFA status in your asset list and ensure it’s enforced on all accounts — especially email, file storage, and CRM platforms.

5. Create a Secure Onboarding Process

Every new team member or device should start with:

  • Cyber Essentials-aligned device setup

  • Mandatory security training (passwords, phishing, safe browsing)

  • MFA-enabled access only

This avoids gaps in protection from day one and reduces long-term risk.

6. Certify with Cyber Essentials

Once your charity has completed the basic security measures, it’s time to get certified. Cyber Essentials provides:

  • Independent validation of your efforts

  • Compliance with key cyber governance expectations

  • A trust signal to donors, funders, and the public

Cyber Tec Security offers guided support, jargon-free advice, and a smooth, affordable path to certification.

7. Keep Your Asset List Updated

Security isn’t a one-off task. To stay certified and secure, schedule regular reviews, especially when:

  • New staff or devices are added

  • Roles or systems change

  • Annual recertification approaches
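As an added illustration (not part of the original article or any Cyber Tec Security tooling), the sketch below audits a CSV export of the asset list from step 2 against the device checks in step 3, the MFA requirement in step 4, and the quarterly review from step 2. The column names, the sample rows, and the 92-day reading of "quarterly" are all assumptions made for the example.

```python
import csv
import io
from datetime import date

# Constructed sample export of the asset list (rows and column names are
# illustrative assumptions; adapt them to your own spreadsheet).
SAMPLE_CSV = """tab,name,updated,firewall_av,admin_restricted,screen_lock,mfa,last_reviewed
workstation,LAPTOP-01,yes,yes,yes,,,2025-04-02
workstation,LAPTOP-02,no,yes,no,,,2025-04-02
mobile,PHONE-01,yes,,,no,,2024-11-15
cloud,Email,,,,,yes,2025-04-02
cloud,CRM,,,,,no,2025-04-02
"""

# Which checks from steps 3 and 4 apply to which tab of the spreadsheet.
REQUIRED = {
    "workstation": ["updated", "firewall_av", "admin_restricted"],
    "mobile": ["updated", "screen_lock"],
    "cloud": ["mfa"],
}
REVIEW_MAX_AGE_DAYS = 92  # assumption: "at least quarterly" read as ~3 months


def audit(csv_text, today):
    """Return (asset name, problem) pairs for rows that need attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("name") or "(unnamed)"
        tab = (row.get("tab") or "").strip().lower()
        if tab not in REQUIRED:
            findings.append((name, f"unknown tab '{tab}'"))
            continue
        for field in REQUIRED[tab]:
            # Anything other than an explicit "yes" (blank, "no", "unknown")
            # counts as a gap, so incomplete rows are surfaced too.
            if (row.get(field) or "").strip().lower() != "yes":
                findings.append((name, f"{field} not confirmed"))
        try:
            reviewed = date.fromisoformat((row.get("last_reviewed") or "").strip())
        except ValueError:
            findings.append((name, "last_reviewed missing or invalid"))
            continue
        age = (today - reviewed).days
        if age > REVIEW_MAX_AGE_DAYS:
            findings.append((name, f"last reviewed {age} days ago"))
    return findings


if __name__ == "__main__":
    for asset, problem in audit(SAMPLE_CSV, date(2025, 5, 8)):
        print(f"{asset}: {problem}")
```

Treating a blank cell as a failure is deliberate: an asset nobody has checked is as much a finding as one that failed its check.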

With attacks on the rise and cyber governance under scrutiny, Cyber Essentials gives your charity a clear, certifiable way to show accountability, build resilience, and protect your mission, no matter where your team works.

You don’t need to figure it out alone. That’s why Cyber Tec Security is here, helping charities across the UK meet today’s cyber expectations confidently and clearly.
