Cybersecurity services for nonprofits are a must in this day and age. These organizations store a significant amount of sensitive information about their donors, staff, and volunteers, which makes them a prime target for cybercriminals. Unfortunately, their lack of a cybersecurity culture increases their chances of becoming victims of a cyberattack. In fact, during the COVID-19 pandemic, ransomware attacks increased by 500% when compared to 2019.
With this scenario in mind, it’s helpful to have a broader understanding of how cybersecurity services for nonprofits can contribute to their mission and goals as an organization. To explain this, we’ve put together a 2022 guide to cybersecurity for nonprofit organizations.
1. Cybersecurity Services For Nonprofits: Managing The COVID-19 Crisis And Recovery
You may be tired of reading news about COVID-19, but the impact that the pandemic has had on the cybersecurity world is undeniable. In fact, according to Check Point, 71% of cybersecurity professionals have reported a rise in cybercrime since 2020.
For nonprofits, this new scenario means stepping up their cybersecurity game in order to keep hackers at bay.
2. Cybersecurity Services For Nonprofits: Facts and Figures
No matter the size, all organizations can become victims of a cyberattack. Take, for example, the United Nations, which was targeted by a credential stuffing attack back in April 2021. Cybercriminals used stolen credentials from a UN employee to damage part of the organization’s network. These ill-intended users managed to stay active for 4 months and lifted data that could be used to target other UN agencies.
To minimize the occurrence of incidents like the one mentioned above, here are 4 fronts to cover when hiring cybersecurity services for nonprofits:
Basic Web Application Attacks
According to the 2021 Verizon Data Breach and Investigation Report, Basic Web Application attacks represent 90% of incidents. These attacks happen when ill-intended users take advantage of existing vulnerabilities to access a server or database.
When users log in, they enter sensitive information without knowing the website has been compromised. For nonprofit organizations, web-based attacks can mean that their donors’, staff’s, and volunteers’ personal information, such as names, Social Security Numbers, credit card details, or medical information, might become public, damaging the organization’s reputation and its credibility as a host of sensitive information.
Lack of Multi-Factor Authentication (MFA)
A survey carried out by the Nonprofit Technology Network (NTEN) highlighted that 55.6% of nonprofit organizations don’t require MFA to log into accounts. An MFA process requires users to verify their identity through more than one step before accessing an account. A common example of MFA is logging in with a password and with a code sent to another device.
The cyberattack on the United Nations mentioned earlier could have easily been avoided, had they used an MFA process. In this case, the lack of MFA allowed cybercriminals to hack the employee’s credentials and freely use the UN’s network.
Unsecured Personal Devices
In the same survey, the NTEN found that 71% of staff used unsecured personal devices to access organizational emails, servers, and files. While working from home is now more the norm than the exception, this scenario has opened the doors for hackers to target unprepared users. Therefore, at the bare minimum, use strong passwords that are not reused across accounts and keep antivirus software up to date to minimize incidents.
Lack of Cybersecurity Policies and Procedures
A staggering 68.2% of nonprofit organizations don’t have a pre-existing policy and procedure to follow in the event of a cyberattack. Having a set of rules and procedures is of paramount importance due to the financial and informational damage an attack can cause. According to Verizon’s DBIR Report, 89% of incidents are financially motivated and can cost from $826 to $653,587.
Even worse can be the damage to your reputation with donors. Cybersecurity policies and procedures also help the public image and credibility of your organization. If the sensitive information of your donors becomes public, you risk facing legal consequences and reputational damage.
As a nonprofit, your donors are the key to keeping your mission and operations running. Having a cybersecurity policy in place can help your organization better navigate an attack. Here are 3 must-haves to include when hiring cybersecurity services for nonprofits:
Here is What to Include in Your Cybersecurity Policy
1. Acceptable Use Policy (AUP)
This document provides a detailed process on how to safely access your nonprofit’s system and network. This type of document will help new and existing staff and volunteers maintain the cybersecurity culture of your organization.
Remember that users may inadvertently jeopardize your network system, which can damage your nonprofit’s hard work to fulfil its mission.
2. Data Breach Response & Recovery Plan
This part of your policy action plan will outline what measures to take in case of a cyberattack, while continuing to operate normally. Additionally, it provides detailed information on potential threats to your organization and how to ensure recovery after a cyber disaster.
3. Remote Access Policy
In the era of remote work, having a Remote Access Policy is a must. This section of your policy action plan will guide users on how to safely navigate through your server. In the long run, this policy can end up saving your nonprofit money: according to Verizon, a data breach can easily cost $800,000.
This report will give you a more in-depth insight into the state of cybersecurity practices and vulnerabilities in the nonprofit industry.
Learn more about this data breach and its consequences.
Have an in-depth view of the latest cybercrime trends and vulnerabilities experienced in the world.
Learn more about Cybercrime during COVID-19.
This guide will help you understand how cybersecurity services for nonprofits can support your mission and operations.
This checklist will help you understand where your organization is vulnerable. Use this as a starting point in your next cybersecurity meeting.
Understand your organization’s current security posture. The knowledge gained through this assessment will help guide the decisions that will need to be made to improve your security and align your risk with acceptable tolerance levels.
Need a team of experienced professionals to help you with cybersecurity services for nonprofits? Makaye InfoSec is here to help. We provide cybersecurity solutions for nonprofit organizations. Schedule a meeting to get started.