March 16, 2023 / bracketmedia

In 2022, cyberattacks increased by 38% globally. Hackers are increasing their efforts, becoming more creative and profiting from the theft of sensitive information or funds from organizations across the world. Many nonprofits believe they are unlikely or uninteresting hacker targets. However, these same nonprofits are often working with less money, and in turn, less cybersecurity, which makes them an easier target for hackers. As such, nonprofits need to be diligent in protecting their data for the sake of their employees, volunteers and those they serve.


When approaching data security, nonprofits should consider the greatest possible financial damage they might experience at the hands of an experienced hacker. Working from a worst-case scenario, organizations should implement a basic data security plan that includes, at minimum, network security and scans, multi-factor authentication requiring complex passwords, and frequent backups, as well as a response plan in the event of a breach, complete with designated points of contact. Nonprofits can also recruit a third-party data security service; however, that can be a costly endeavor. Luckily, several free software products are available to assist with scans, password safekeeping, backups and updates. Once a plan is in place, all employees and volunteers need to be trained on the plan and on how to recognize and report a cyber breach attempt, and should undergo regular cyber training thereafter to ensure they are aware of how to mitigate risks themselves.


There are a few tactics that hackers use regularly to infiltrate organizations' information systems and wreak havoc:


Hackers “phish” for information by creating an email alias that looks like it is coming from a higher-up or decision-maker within the organization and requesting passwords or account numbers via email. A password vault can help ensure all authorized personnel have equal, secure access to information such as passwords, eliminating guesswork when someone receives a phishing email.


When a hacker installs software in an information system to block users from accessing data until a sum of money, or ransom, is paid, this is called ransomware. A password vault can also help limit ransomware risks because if a hacker accesses a password, they can easily install ransomware.


Invoice manipulation happens when hackers infiltrate a nonprofit’s invoicing email, replacing the information with a false invoice and bank account number so that the hacker receives the funds instead of the organization. For these cases, nonprofits will want to make sure an Invoice Manipulation endorsement is included in their insurance policy; otherwise, the organization may not be eligible for any insurance reimbursement.


Nonprofits cannot afford to have a weak cyber defense with the potential of devastating financial ruin or a leak of residents’ sensitive information on the line. By taking a thorough look at their cyber risks and implementing some low- to no-cost tools, nonprofits can protect their employees, volunteers and residents from falling victim to a costly and damaging cyber breach. Regarding insurance coverage, nonprofits should have a standalone cyber policy in place that can assist with breach response services, business interruption, data destruction, crisis communications services and more. An insurance professional can help ensure the policy includes the correct coverages and endorsements.

Begin by speaking to an insurance professional who specializes in nonprofit data security today.
