Cyber security and online fraud prevention for community organisations

Community organisations can be impacted by cyber security incidents and fraudulent activity. You should have effective prevention strategies in place to minimise your risk and legal and financial exposure.

Your management committee is ultimately responsible for your organisation's online security and fraud prevention. To ensure your organisation stays safe and secure, you should:

• increase your understanding of cyber safety/security and fraud awareness via education and training
• reduce opportunities for potential misuse
• adopt appropriate controls and protection methods.

Taking a proactive approach to cyber security and fraud prevention will increase your organisation's resilience against malicious threats and crime.

Definitions

'Cyber safety' is the application of safe practices when using the internet to prevent personal attacks or criminal activity.

'Cyber security' is the practice of protecting computers, servers, mobile devices, electronic systems, networks and data from malicious attacks.

Ways to protect your organisation

There are many ways to help protect your organisation against cyber attacks and online fraud.

1. Understand what you need to protect - computer hardware, system software, digital assets, intellectual property (e.g. logos, photos, media releases), and data (including membership information).
2. Assess your organisation's online operations and the associated risks.
3. Implement good policies and procedures for online activity and financial transactions.
4. Have a secure password policy, use strong passwords and change them regularly.
5. Use two-factor authentication.
6. Keep a record of, and limit who has access to, your online systems.
7. Address cyber security and online fraud prevention in your policies and procedures documentation.
8. Regularly back up online data and consider keeping it in the cloud to enable easy data recovery.
9. Install good quality virus protection and keep it up to date.
10.  Develop specific policies and procedures for electronic media use.
11. Have a secure repository of apps and data.
12. Provide appropriate training and education for online systems, cyber safety and security and online fraud prevention.
13. Choose people with experience in using digital technology. 

Aim to develop an organisational culture that takes cyber security and online fraud protection seriously.

Reporting online crime

If your organisation experiences any form of cyber crime, incident or vulnerability, report it on the Australian Government's ReportCyber website or ring the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371).

Resources and support

• Australian Government, Australian Cyber Security Centre - strategies to mitigate cyber security incidents, cloud security guidance
• Australian Government, The Australian Charities and Not-for-profits Commission - protect your charity from fraud
• Australian Taxation Office - online security 
• Connecting Up - provides free access for not-for-profits to donated and discounted computer software and hardware and offers reasonably priced webinars for you to learn more about technology and how to use it
• ourcommunity.com.au, Institute of Community Directors and the Commonwealth Bank - Damn Good Advice on Cyber Safety and Fraud Prevention document 
• The Institute of Community Directors Australia (CDA) Policy Bank - provides a range of sample policies you can modify and adopt including fraud risk management, petty cash, acceptable use of electronic media, and credit card/financial transaction cards policies

Related links

• Communication, marketing and technology for community organisations
• Risk management for community organisations
• Attracting and retaining participants
• Facility management information for Council leases and licences
• Managing your community organisation
• Tenure information for Council leases and licences