CYBERSECURITY ON A BUDGET: PROTECTING NONPROFITS

By now, every nonprofit organization has heard the warning; cyberattacks are on the rise. As hackers employ more nefarious means to create digital chaos, nonprofits need to prioritize cybersecurity across their operations.

Several factors contribute to cybercriminals making targets of nonprofits. Foremost among these factors is the very nature of operating as a nonprofit, which typically means the resources available to focus on a comprehensive cyber defense are not unlimited. Volunteers also leave a nonprofit vulnerable as they often receive little, if any, cyber security training and as such present hackers with a potential window to the entire network. To properly address these issues, nonprofits need to be diligent.

Cybercriminals most commonly use tactics known as phishing and ransomware attacks. Ransomware is when a cybercriminal accesses data and demands money in exchange. These attacks can cost an organization anywhere from a few hundred dollars to many millions. A phishing scheme is when a criminal poses as a member of the victim organization via email in attempt to gain access to the network or convince the receiver to release information or money.

We recently saw an attack where through a phishing scheme, the criminals connected a large invoice account number to their own account number. When the organization went to pay the invoice, they actually paid the criminals. The truth is, with a little bit of additional training, the hacker could’ve been identified and stopped before any damage was done. Let’s look at a few ways nonprofit organizations can increase their cyber defense. 

PASSWORDS

All organization personnel should be trained on strong password best practices. Passwords should be at least 10 digits long (no shorter than eight digits) and include numbers, letters and symbols. Nonprofits should also require multi-factor authentication to increase the level of defense if someone were to access the password.

RECOGNITION

Training nonprofit personnel and volunteers on how to recognize a phishing attempt or other malicious behavior will help the organization identify and address vulnerabilities ahead of a potential attack. Training should include how to triple check account numbers before sending payments, paying attention to irregular language in an email and checking for external email addresses. If all personnel know how to identify and report discrepancies, the organization will have a greater understanding of its vulnerabilities.

INSURANCE

Even with a strong cyber defense, hackers are finding new ways every day to access nonprofit networks and wreak havoc on the organization’s financials and reputation. Cyber insurance can help make sure when attacks do happen that nonprofits have the proper policy in place offering coverages that include breach response services, cyber liability, business interruption, and ransomware payments.

As the threat of cybercrime continues to grow, nonprofits must be proactive and get creative to adequately protect their organizations. Consider consulting an insurer who specializes in nonprofit cybersecurity to ensure your organization is taking the best steps within its budget.