Is Your Nonprofit Protected From a Data Breach?
By now, all organizations, both for-profit and nonprofit, know about the risk of cyberattacks. Why then, would any nonprofit fail to secure its network and digital assets? One reason is cost. Cybersecurity can be expensive. Yet according to IBM’s “2022 Cost of a Data Breach Report,” a data breach in the United States leads to an average $9.44 million loss. Obviously, the average is skewed by cyberattacks on large companies, but it’s possible for nonprofits to lose more than they can afford.
Most attacks are made via phishing schemes, where cybercriminals use email to dupe victims into providing personal information, including login credentials. Phishing emails generally include links or attachments that, when clicked, infect computers with malware that enables fraudsters to access your systems.
Cybercriminals are increasingly using phishing emails to perpetrate ransomware attacks. They gain control of an organization’s network and data and lock legitimate users out. They then hold the data hostage until the victim organization pays a ransom. The criminals might leak some confidential information to the public or on the “dark web” to show they’re serious and to encourage quick payment. Ransomware perpetrators usually release the data after they receive a ransom, but not always.
Proactive strategies for preventing a data breach
Criminals have hacked everything from government agencies to hospitals to large charities, so it’s critical that all nonprofits act defensively and provide training to staffers. Training should cover various phishing schemes and include testing so employees can see how easy it is to fall for scams. Other ways to contain potential cyber threats are:
Look for emails flying red flags
Everyone in your organization should look out for suspicious emails, including messages with a sense of urgency, such as a subject line that says, “Respond ASAP.” Phishing subject lines might include references to upcoming meeting agendas, payroll questions, and password verifications. They may appear to come from HR, tech support, or your executive director.
Phishing messages frequently are peppered with bad grammar and misspelled words. They may use numbers and special characters that look like letters to dodge anti-phishing software and include URLs that are close but not identical to the addresses of legitimate sites.
Use password managers
Your organization should consider using password managers. A surprising number of employees still use easily hacked passwords such as 1234 and PASSWORD. Password managers generate complex passwords and store them for users. At the very least, require employees to come up with difficult passwords and change them frequently. For greater security, implement two-factor authentication. This requires users to log in normally and then confirm their identity via text or phone.
Implement hardware and software updates on a timely basis and stop using programs that are no longer updated and supported by their makers.
We can help with your cybersecurity needs
There are plenty of affordable cybersecurity tools available to nonprofits, so there’s no excuse for you to simply hope your organization won’t be hacked.
Buchbinder’s team of professionals are fully equipped, experienced, and committed to assisting clients with their cybersecurity needs. Buchbinder Information Technology Solutions helps clients assess inherent and residual cybersecurity risks to their organizations and improve the effectiveness of internal controls over sensitive data. Contact us today to discuss your specific situation.
Join Our Newsletter
Sign up to receive exclusive newsletters with the latest information affecting you and your organization.
SHARE THIS POST