How to Make Sure Your Nonprofit is Informed of Future Cybersecurity Threats
There is a lot of demand in the cybersecurity industry, and this is especially true for nonprofits. Nonprofits are often highly vulnerable to cyberattacks because they don’t have the resources to hire full-time IT professionals on staff. This can lead to critical data breaches and security breaches that put both donors and employees at risk.
Cybersecurity is a big deal, but that doesn’t mean you need to be a tech expert to protect your organization. According to Kiersten Todt, the Chief of Staff for CISA (Cybersecurity and Infrastructure Security Agency) in the United States, “The launch of Nonprofit Cyber is an important step in aggregating the tools and resources of global non-profits and making them available to organizations of all sizes, especially small businesses, which are often the target of malicious actors. CISA looks forward to collaborating with Nonprofit Cyber to help our nation, and the world, raise the cybersecurity baseline and promote global resilience.”
One of the best ways of preventing these cyberattacks is by being informed. You can be informed of the latest cybersecurity threats and learn how to protect yourself by following these steps:
Train Your Staff
To keep your nonprofit informed of cybersecurity threats and help you respond to them, it’s important to train your staff so they know when a threat is present and how to report it.
Train your staff on cybersecurity basics. It’s always a good idea for everyone who works at or with nonprofits—not just IT and communications specialists—to understand the basics of cybersecurity. This can help prevent mistakes that could lead to security breaches, such as employees sending sensitive information over email or using weak passwords (such as “password”).
Train your staff on their roles in responding to cybersecurity threats. For example, if an employee suspects a breach has occurred (e.g., their laptop was stolen), they should know the steps for reporting the incident up to senior management, who would then take action by reporting it through official channels such as law enforcement agencies or insurance companies.
Train your staff on how best to report suspected cyberattacks after they’ve taken place. In many cases, employees won’t know that something suspicious has happened until long after an incident; therefore, all nonprofits must have clear protocols in place that outline who should be contacted first when cybersecurity threats arise (whether internally or externally).
Know the CVE System
CVE is a list of common vulnerabilities and exposures, maintained by the MITRE Corporation.
It’s a standard naming scheme for vulnerabilities to help researchers, vendors and users communicate about software flaws.
The goal of CVE is to make it easier to share information among organizations so they can better defend against cybersecurity threats.
The Common Vulnerabilities and Exposures (CVE) system is a dictionary of over 13,000 vulnerabilities, including their names and short descriptions. It is maintained by MITRE Corporation, a U.S. federally funded research and development center that specializes in cybersecurity issues for the government.
Many organizations use CVE to track newly discovered security vulnerabilities in order to prevent them from being exploited by cyber criminals or state-sponsored hackers. The FBI uses it as well as many other government agencies like the US Department of Homeland Security and US Department of Defense (DoD).
Many software vendors also use CVE for their own products because it is more convenient than trying to keep up with all of the individual vendor databases themselves, especially since many vendors now subscribe directly to one central authority rather than maintaining their own records separately (which can lead to discrepancies).
Know What the Cybersecurity Threats Are
As you know, it’s important for your nonprofit to be informed about cybersecurity threats. The first step to staying informed is knowing what threats are out there.
What do you look for? What should you do if you find something? How can you tell when it’s time to bring in an expert or the police?
While there’s no one-size-fits-all answer to these questions, reading up on how cybersecurity works can help give your nonprofit an idea of what the big picture looks like—and what kinds of things might be worth investigating further.
Make cybersecurity a priority for your organization. Start by taking the NIST Cybersecurity Self-Assessment Tool to establish a baseline of where your organization is at when it comes to cybersecurity threats. Then, you can use these two resources from the National Council of Nonprofits to help you develop a plan: 10 Steps to Improve Cybersecurity and the Cybersecurity Checklist. The guide provides common sense steps to improve cybersecurity, while the checklist can be used to check off that those measures have been taken. You might also consider developing a disaster preparedness plan in case, despite all your efforts, a breach or other harm occurs.
To protect your nonprofit, you need to know what makes it vulnerable so that you can take steps to mitigate those weaknesses. You also need to know which of your assets are at risk and who might be targeting them. This information will help inform the controls and policies that will keep your organization protected from cybersecurity threats.
Next, consider the potential costs associated with each incident of harm that could occur and determine how much money is available for response activities. Finally, have a plan in place for handling all types of incidents as quickly as possible so that any harm done does not become compounded by inaction or delayed response time.
Check for alerts from your operating system vendor
You should also check for alerts from your operating system vendor. Most operating systems will come with a tool that can alert you to new vulnerabilities and tell you whether or not they have been patched. If the tool doesn’t exist, check the website of your operating system vendor for information on updates. Some examples are listed below:
Look for updates from other software vendors
Next, be sure to keep an eye out for updates from any software vendors you use. If a vendor releases a patch, it’s important that your nonprofit applies it as soon as possible. For example, imagine that your nonprofit uses software by Vendor A called “Virus Protection.” If notice of an update doesn’t come through in your regular inbox, you can search for updates by product name or category on the vendor’s website:
- Virus Protection (or whatever other software is relevant)
- Updates (or something similar)
Once there, look through the available updates and see if any apply to your organization; this should include any relevant notes about the issue and how severe it is. If there are no pending updates listed here, check back often until such an update does appear—you may need to contact your specific vendor if one does not appear within 24 hours of its release date.
Check for reports of attacks against other nonprofits
To protect yourself, you will want to keep an eye out for reports of hacks or other cybersecurity threats that have targeted nonprofits in your area and/or those with similar missions. This can help you make sure your nonprofit is doing all it can to safeguard its data.
Everyone must watch out for cybersecurity threats
It’s not just the IT department that needs to be vigilant about cybersecurity threats. The entire organization should be aware and prepared for them. Cybersecurity should be everyone’s job.
Cybersecurity is a growing concern for nonprofits. But with proper training, awareness and planning, you’ll be able to protect yourself from hackers. By taking these steps, your organization can stay safe online while continuing its mission of service to others.