Cybersecurity attacks are a problem for all types of companies worldwide. Cybercrimes against high-profile businesses seem to get the most press coverage, but that’s because such businesses tend to have more resources for extortionists to target and easily outnumber nonprofits. They also seem to report online attacks more often than nonprofits do.
However, the truth is that nonprofits or any organization that handles confidential data can be hit with cybercrime.
Hackers are always trying to get their hands on the following sensitive information:
- Names
- Addresses
- Social insurance numbers
- Credit card numbers
- Usernames
- Passwords
- Emails
Cybersecurity for nonprofits in the spotlight:
- Over 50% of NGOs have reported a cybercrime of some type.
- A survey in the UK found that 26% of charities faced a cyberattack in 2020.
- Hackers stole $650,000 from One Treasure Island in the United States in 2020.
- Philabundance was tricked into sending $923,533 to cybercriminals in 2020.
- Oxfam Australia reported a data breach in 2021, where threat actors accessed supporter information.
- In 2022, hackers sold backdoors into a $2 billion nonprofit and a Californian hospital.
- Several charities across Canada and the United States have been crippled by ransomware attacks in the last few years.
What makes nonprofits a target?
Unsecured Software:
Nonprofits sometimes use unsecured or even pirated software to cut costs. These programs have security vulnerabilities that threat actors can exploit to breach online security.
Always use secure digital tools for your nonprofit.
For example, when looking for good hospice software, use tools that offer secure data management, with user permissions that control who can access client data, in a solution that is PIPEDA and HIPAA compliant.
In addition, look for software with cloud-based access, allowing you to reach critical data at any time from anywhere with an internet connection. Not only is cloud-based access more convenient, but it’s more secure. Should a disaster such as an online attack, weather event, or employee-related issue strike your local systems, you can still access a cloud-based system through the internet.
Financial Data:
Nonprofits sell goods, services, and tickets and process donations and fees. Hackers want to get their hands on the financial data related to these processes.
Sensitive Data:
Nonprofits rely on volunteers and employees to function, and store information on both for paychecks, insurance, perks, and identification. Nonprofits may also complete background checks before accepting volunteers, again storing such information. Of course, nonprofits have members too. All this sensitive data can be stolen and sold by a hacker on the Dark Web or leveraged for a phishing attack.
How can nonprofits focus on cybersecurity?
While all types of organizations collect and store sensitive data, nonprofits usually lack cybersecurity measures to shield it. Thankfully, they can harden their security stance with the right steps. As we mentioned above, using secure software is essential. For example, Silent Partner Software’s donation management software offers 100% IRS/CRA-compliant donation processing, receipting, and reporting with secure access.
Manage Access
Nonprofits must use Constituent Relationship Management (CRM) software that allows them to manage access to sensitive files.
Use your CRM’s settings to segment privilege by the following roles:
- Executive
- Manager
- Staff
- Volunteer
- Donor
- Partner
By restricting privilege, you can prevent people from misusing data or leaking it accidentally.
Invest in Backups
When nonprofits like charities get hit by ransomware attacks, they face multiple problems. In addition to having to come up with an extortion fee, they lose access to sensitive data critical to their operations. Nonprofits should invest in backups to recover quickly from a ransomware attack. Ideally, they should have cloud storage from a reputable service provider with state-of-the-art security. They should also have weekly offline backups on air-gapped systems.
Use Cybersecurity Software
Nonprofits must always use authentic and secure software and download security patches regularly. In addition, they should use cybersecurity software to protect themselves:
- Antimalware software that uses artificial intelligence to stop threats proactively
- Firewall to shield networks
- Corporate Virtual Private Network (VPN) account to protect networks and remote workers on public networks
- Intrusion detection systems
- Data encryption tools
Staff education
Numerous studies suggest that most cybersecurity breaches occur due to human error. That’s why it’s wise to educate staff on handling cybersecurity threats and managing sensitive data.
Staff should learn how to recognize and respond to phishing attacks. When working remotely, they should only use secure and private networks and avoid unsecured public Wi-Fi connections that can be vulnerable to spoofing or man-in-the-middle attacks.
Nonprofits must enhance their cybersecurity measures in an increasingly dangerous digital world. Although cybersecurity attacks can strike all types of organizations, nonprofits are especially vulnerable. They usually carry precious data while having weak cybersecurity protocols. Fortunately, with just a few steps, most nonprofits can meaningfully enhance their online security stances.