In February 2025, a Charity Excellence online event was attacked by AI bots. Another organisation was hosting the event. The next day, The Sun newspaper wrote about it.
This event was well known, but bot attacks can happen to anyone. Some AI bots can now bypass security checks like Google's ReCaptcha, and as AI improves, these attacks may become more common.
Any charity could become a target, but there are simple steps you can take to stay safe. The biggest risks are not knowing about AI threats and not taking action—but with the right precautions, you can protect your online events.
The Charity Excellence Framework, with the help of Helen Ducker, Operations Manager of PATA, has put together some very useful guidance which aims to help charities protect their online events and use AI Assistants safely. We have summarised some of the main points below.
The Risk of Online Harm to Charities
Online harms can be illegal or harmful but legal. Examples of individual harm include child sexual exploitation, terrorism, hate crime and speech, harassment, cyberbullying, and online abuse. There are also reputational risks, data breaches, and cybersecurity threats. The risk increases when vulnerable individuals, especially children, are present, or if an incident involves extreme or illegal content.
A Risk-Based Approach to Meetings and Webinars
Applying all security measures to every meeting can increase administrative burdens and reduce effectiveness. Security fatigue can also lead to essential measures being ignored.
Use the checklist below to assess your charity’s overall risk and ensure meeting hosts understand when and how to increase security:
- Cause: Some charities face a higher risk, such as those supporting Jewish, Muslim, LGBTQI+ communities, and women’s groups.
- Communications: Charities with a significant media or online presence may be at higher risk.
- Contributors: Larger meetings or those involving vulnerable individuals, such as young people, carry more risk.
- Circulation: Open-access meetings, particularly those widely promoted, increase vulnerability.
- Content: Meetings discussing sensitive topics face greater risk.
- Controls: Weak security settings attract AI bots trained to exploit vulnerabilities.
Trustee Oversight and Management
- Choose a reputable platform such as Zoom, Microsoft Teams, or Google Meet.
- Implement security features like waiting rooms, end-to-end encryption, and controlled screen sharing.
- Assign responsibility for online safety to a specific individual or committee.
- Train meeting hosts on security features and incident response.
- Require registration for webinars.
- Use unique meeting IDs and avoid publicly sharing links.
Spotting Suspicious Registrations/Attendees
- Look for unusual email addresses (e.g., random characters or misspelled domains: mickeymouse@googlle.com).
- Encourage real names over nicknames.
- Be cautious of incomplete or vague registrations.
- Monitor for patterns such as multiple registrations from the same name but different emails.
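The checks in this list can be run over a registration export before the event. The script below is an added example, not part of the original guidance: the CSV columns (name, email), the KNOWN_DOMAINS list, the thresholds and the sample rows are all assumptions constructed for illustration, and a flag means "review by hand", not "block".

```python
import csv, io
from collections import defaultdict

# Assumption: mail domains your attendees commonly use; extend for your audience.
KNOWN_DOMAINS = ["gmail.com", "google.com", "outlook.com", "hotmail.com", "yahoo.com"]

# Constructed sample export (not real registrations).
SAMPLE = """name,email
Asha Patel,asha.patel@examplecharity.org.uk
Mickey Mouse,mickeymouse@googlle.com
Sam Green,sam.green@gmail.com
Sam Green,sgreen77@outlook.com
,xk7q9zt2vb4@hotmail.com
"""

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def looks_random(local):
    """Heuristic: many letter/digit switches, or a long run with very few vowels."""
    letters = [c for c in local if c.isalpha()]
    vowels = sum(c in "aeiouy" for c in letters)
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(local, local[1:]))
    return switches >= 3 or (len(letters) >= 6 and vowels / len(letters) < 0.2)

def screen(csv_text):
    """Return {email: [reasons]} for registrations a host should review."""
    flags, by_name = defaultdict(list), defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, email = row["name"].strip(), row["email"].strip().lower()
        local, _, domain = email.partition("@")
        if len(name.split()) < 2:            # missing or single-word name
            flags[email].append("incomplete or vague name")
        else:
            by_name[name.lower()].add(email)
        near = [k for k in KNOWN_DOMAINS if 0 < edit_distance(domain, k) <= 2]
        if domain not in KNOWN_DOMAINS and near:   # e.g. googlle.com vs google.com
            flags[email].append("domain resembles " + near[0])
        if looks_random(local):
            flags[email].append("random-looking address")
    for emails in by_name.values():          # one name, several addresses
        if len(emails) > 1:
            for e in sorted(emails):
                flags[e].append("same name, different emails")
    return dict(flags)
```

Calling screen(SAMPLE) flags four of the five constructed rows; genuine attendees can also trip these heuristics, so the output is a shortlist for a person to check.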
During the Online Meeting or Webinar
- Enable waiting rooms to screen participants.
- Disable screen sharing except for hosts and presenters.
- Disable annotations to prevent unwanted drawings or comments.
- Lock the meeting once all expected participants have joined.
- Assign co-hosts to monitor participants and chat.
- Watch for suspicious behaviour, such as attendees remaining silent or frequently rejoining.
If the Meeting is Hacked
- Remove the intruder using host controls.
- Lock the meeting to prevent further breaches.
- Mute all participants to regain control.
- Preserve evidence (e.g., time, date, participants, and logs).
- Avoid saving or sharing extreme content, such as child sexual abuse material, as handling it improperly could be a criminal offence.
- Report the incident to the platform provider, police (if criminal), charity regulators (if serious), and the ICO (if data is breached).
General Best Practices
- Keep all software updated.
- Educate participants on safe meeting practices.
- Use strong, unique passwords and two-factor authentication.
- Do not share meeting links or passwords openly.
Using AI Assistants in Meetings
- Use reputable AI assistants such as Microsoft 365 Copilot.
- Enable security settings and limit data access.
- Use strong passwords and two-factor authentication.
- Be cautious about sharing sensitive information.
- Review and redact sensitive content before sharing meeting notes.
Regulatory Guidance
- ICO: Personal Data Breaches Guide
- Charity Commission: How to Report a Serious Incident
- Understanding and Reporting Online Harms
- Microsoft Teams Security Settings
- Securing your Zoom Meetings