Cyber crime is increasing worldwide and attacks are taking place in all industries and sectors. Unfortunately, threat actors do not differentiate between nonprofits and nonprofits. They also don’t limit attacks to large corporations, which means smaller nonprofits are exposed to the same risks as larger ones.
In fact, some security analysts believe that small businesses may be at greater risk because hackers assume that cybersecurity is not a priority. And historically, nonprofits don’t have the budget to spend on cybersecurity, which makes them an ideal destination.
The sector has seen the aftermath of cybercrime. In 2017, Save the Children was attacked twice and unknowingly $ 1 million was transferred to a fraudulent account in Japan.
Beyond financial matters, data breaches can seriously damage a company’s reputation, put beneficiaries’ data at risk, and lead to liability if data compliance laws are not properly followed.
With this in mind, nonprofits need to improve cybersecurity, especially in the increasingly tight threat landscape of 2021.
Basic cybersecurity measures for nonprofits
In the early days of the Internet, an antivirus program may have been enough to protect users and computers. These days, an antivirus with Internet of Things (IoT) enabled devices and extensive networks and systems that include cloud and physical storage has serious backup requirements.
1. E-mail scanner
As the name suggests, email scanners scan incoming email for any suspicious looking links, malware, viruses, and spam. The tool is vital for any business as attacks often happen when an employee pulls up a fraudulent email, exactly what happened in one of the Save the Children violations above.
Phishing is a form of social cyber attack in which a hacker uses email to trick an employee into granting them access to the company’s systems. Often times, the fake email appears to be from another employee or senior manager. Like any organization, a nonprofit is exposed to phishing attempts.
2. Data and network encryption
Encrypting hard drives to prevent hackers with physical access to computers from collecting data is a good first step, but it is not enough. Nonprofits should also consider encrypting their networks and all data in transit.
Downloading a Virtual Private Network (VPN) to every device in the office is one option, but nonprofits can also look into a VPN router that covers all the devices in an office. If you are unfamiliar with a VPN, it is a security tool for devices such as phones, computers, and routers. The app protects data by encrypting it and sending it over a private network.
Similar to antivirus programs, anti-malware tools can find and quarantine threats on a device. Unlike antivirus programs, however, these programs are more tailored to complex and sophisticated threats. A company’s antivirus can handle the Trojans and worms of the old days, but anti-malware can do this job and counter modern threats.
This does not mean that an organization should only have anti-malware, but that it should be used in conjunction with antivirus.
4. Creation of a safety culture
Along with the software tools mentioned above, one of the best things a nonprofit can do to protect itself in 2021 is to create a culture of cybersecurity. Make sure everyone in the organization is aware of potential risks and knows that safety is a team effort. It’s everyone’s job, not just the IT staff.
Educating and educating people about the risks can go a long way in ensuring a safe nonprofit organization. This means everyone can get back to work doing what they do best and helping others.