
Managed IT Services | March 31, 2023

Cybersecurity for Non-Profits: Best practices and how to prepare

Written by Taeyaar Support


Cybercrime has become one of the fastest-growing crimes in recent years. According to the FBI, there was a 50% increase in reported data breaches between 2014 and 2015 alone. As a result, organizations are increasingly vulnerable to cyberattacks as they continue to grow and expand their online presence.

Cybersecurity becomes increasingly essential as we move into a world where technology plays a significant role in our lives. Yet, according to the Ponemon Institute, nearly half of all data breaches occur in Non-Profit organizations.

Why are Non-Profits Prone to Cybersecurity Attacks?

While there are many reasons why Non-Profit organizations may be targeted by hackers, the main reason is that they tend to hold sensitive information. They also tend to be smaller operations with fewer employees and lower budgets.

Non-Profits may not have dedicated IT staff or security professionals who could protect them from potential cyber threats. Additionally, Non-Profit organizations rely heavily on volunteers and interns to maintain their websites and social media accounts. Unfortunately, these individuals may lack training and experience in cybersecurity, making them even more vulnerable to cyberattacks.

What are the Most Common Cyberthreats for Non-Profits?

According to the Ponemon Institute, the three most common cyberthreats for Non-Profits today are data theft, ransomware, and forced downtime. Each is covered in more detail below.

1. Data Theft

Non-Profit organizations lose sensitive personal information such as Social Security numbers, financial records, donor lists, and employee files to data theft. Therefore, they must ensure that all personally identifiable information (PII) is protected. PII includes names, addresses, phone numbers, email addresses, dates of birth, credit card details, driver’s license numbers, and any other information which can be used to identify individuals.

While some organizations store PII in databases, others keep it on paper documents. Either way, if someone gains access to those materials, they could steal valuable information. For instance, a hacker might use stolen credentials to log into a database and download confidential information. Or they might copy a document containing PII and send it out via email.

In addition to protecting PII, organizations need to secure their physical premises. For example, thieves could break into an office building and steal laptops, tablets, smartphones, and other devices. They could also gain access to servers and network equipment. Once inside, hackers could install malware onto the device and then use it to attack another organization.

2. Ransomware

This form of cyberattack locks up computers until victims comply with ransom demands. Victims are usually asked to pay a fee before the malicious code is removed. Some ransomware programs encrypt files on infected machines, while others delete everything except a ransom note.

Once a computer becomes infected, the attacker can demand payment using a variety of methods, including Bitcoin wallets, prepaid cards, gift cards, wire transfers, and PayPal. If a victim doesn’t pay the ransom, the attacker may hold the machine hostage indefinitely. That means no work gets done, and no new emails get sent. Eventually, the system runs out of memory and crashes.

3. Forced Downtime

Forced downtime is when hackers shut down entire networks, disable critical systems, or otherwise render them unusable. For example, a hack can cause a company’s website to crash, rendering it inaccessible to visitors. An outage could prevent customers from accessing important business functions such as payroll, accounting, customer support, and billing.

5 Best Practices to Prepare Your Non-Profit Against Cyberattacks

Cybersecurity threats continue to grow exponentially. According to Verizon’s 2018 Data Breach Investigations Report, cybercrime costs organizations $6 trillion annually worldwide. According to the U.S. Department of Homeland Security, there were over 1 billion malware infections in 2017 alone.

However, there are steps that Non-Profit organizations can take to reduce their risk of becoming targets of cybercriminals. For example, they should educate themselves about cybersecurity best practices and implement strong passwords with two-factor authentication while also regularly updating their operating systems and applications.

As a Non-Profit organization, cybersecurity is critical to protecting your mission and ensuring the safety of your donors. But many Non-Profits aren’t prepared for a major breach. This section covers best practices for preparing your Non-Profit against cyberattacks.

1. Ensure Backups for Critical Data and Systems

While it may seem obvious, ensure that your Non-Profit has regular backups of all important files and databases. For instance, if you store sensitive donor information online, back up those files regularly.

Backup files should be stored off-site, preferably in multiple locations. For instance, if your Non-Profit uses Microsoft Office 365, back up your documents using OneDrive. Store them in the cloud, but keep copies on local servers.

2. Keep Your Software Updated

It goes without saying that keeping your software updated is essential. Updating your software helps prevent security vulnerabilities from being exploited. Make sure you regularly check for updates to your operating system, antivirus programs, and third-party applications.

However, updating your software isn’t just a matter of installing patches and updates; it’s also about being proactive about security. For example, if you use Microsoft Office 365, you should keep your versions of Word, Excel, PowerPoint, Outlook, OneNote, and Publisher up to date. In addition, other popular programs such as Adobe Acrobat Reader, Adobe Flash Player, Java Runtime Environment, and Shockwave Player should also be kept current.

3. Avoid Phishing Scams

Phishing scams are among the most common ways hackers attempt to steal personal information. They involve sending emails that appear to come from trusted sources, asking recipients to take a certain action. These emails usually contain links to websites that ask recipients to enter their login credentials.

To avoid falling victim to a scam, always check the sender’s address before clicking any link in an email. Also, never give out your password or financial information via text message or social media.
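The sender check described above can also be automated for a shared mailbox. The following is an added example, not code from the original article: it flags a message whose sender domain is not a known contact, whose replies go to a different domain, or whose links lead away from the sender's own site. The function names, the trusted-domain list, and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample messages; every domain here is a placeholder.
TRUSTED = {"charity.example"}
LEGIT = ('From: News <news@charity.example>\nContent-Type: text/html\n\n'
         '<a href="https://www.charity.example/report">Annual report</a>')
PHISH = ('From: "Charity IT" <it@charity-example.test>\n'
         'Reply-To: helpdesk@mailbox.test\nContent-Type: text/html\n\n'
         '<a href="https://login.charity-verify.test/signin">Confirm password</a>')

class LinkHosts(HTMLParser):  # collects the host of every <a href> in an HTML body
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host.lower())

def domain_of(header):
    """Lower-cased domain of the address in a From or Reply-To header."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def same_site(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return bool(domain) and (host == domain or host.endswith("." + domain))

def review_message(raw, trusted_domains):
    """Return warnings for one raw message; an empty list means nothing was flagged."""
    msg = message_from_string(raw)
    sender = domain_of(msg["From"])
    warnings = []
    if not any(same_site(sender, d) for d in trusted_domains):
        warnings.append(f"sender domain {sender!r} is not a known contact")
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        warnings.append(f"replies go to {reply_to!r}, not to the sender")
    links = LinkHosts()
    links.feed(msg.get_payload())
    for host in links.hosts:
        if not same_site(host, sender):
            warnings.append(f"link goes to {host!r}, not the sender's site")
    return warnings

if __name__ == "__main__":
    print(review_message(LEGIT, TRUSTED), review_message(PHISH, TRUSTED), sep="\n")
```

The From header can itself be forged, so a clean result here does not prove a message is genuine; it only narrows what staff need to look at by hand.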

4. Train Your Staff

Training employees to recognize and respond appropriately to cybersecurity incidents is critical. Educate everyone with access to essential data about the importance of protecting their network and data. Train your team on cybersecurity best practices if you’ve hired new employees recently.

Ensure they know not to open attachments from unknown senders and that they shouldn’t click on links embedded in unsolicited messages. You can also hire a dedicated IT Support team or person to help your Non-Profit fight cyberattacks.

5. Protect Your Donor Data

Donors expect their contributions to go toward specific purposes. But hackers could use stolen donor information to impersonate donors and divert funds to fraudulent activities. So be vigilant about keeping your database clean and make sure only authorized people have access to donor records.

Keep donor records secure and confidential to protect their privacy while using strong passwords and two-factor authentication. In addition, don’t share your username and password with others. Use a unique username and password for each account. Also, encrypt your database using tools like FileVault, VeraCrypt, or another suitable program.