As nonprofits become more dependent on mobile and digital technologies to fundraise and operate, recent cyberattacks show just how easy it is for hackers to get their hands on valuable information and donations without being noticed. In fact, according to IBM, the average time to identify a cyberattack is 207 days.
To help your organization beef up its cybersecurity game, our team has developed 3 steps that your nonprofit can take in case of a cyberattack:
Engage Your Cybersecurity Vendor
The first step that your nonprofit can take in case of a cyberattack is to engage your cybersecurity team. Remember, not your IT staff, but your cybersecurity team of experts. They will start working on figuring out how to isolate and contain the breach. Most attacks stay hidden for weeks, and sometimes even months, before they’re discovered. The goal here is to stop the threat before it spreads to the rest of your network, affecting more systems and impacting more people.
Inform Staff and Stakeholders
Inform your staff and stakeholders immediately in the case of a cyberattack and let them know which measures they can take to minimize the impact of this event. It’s also important that you’re transparent and inform them how you plan on handling it.
Depending on the magnitude of the attack, establish a clear channel of communication where you inform staff and stakeholders of any new information regarding the attack. They may be worried that their personal and financial data may have been compromised or shared.
Another measure you might need to take is to report the cyberattack. Some federal and state laws require organizations to report the incident within a certain amount of time. Otherwise, they are liable for legal and monetary consequences for delayed reporting. Talk to your cyber attorney to understand the security breach reporting requirements in your state.
Learn From the Incident
Take this as an opportunity to learn and improve your cybersecurity. If you didn’t have a cybersecurity vendor, hire one. They will help you conduct audits and security awareness training, and invest in the right security software and hardware to create a culture of security in your organization.
Now that you know 3 steps your nonprofit can take in case of a cyberattack, take a look at these resources that might help you step up your cybersecurity game:
Learn how this guide to cybersecurity for nonprofits can support your mission and operations. Use this guide as one of the steps your nonprofit can take in case of a cyberattack.
This nonprofit cybersecurity checklist will help you understand where your organization is vulnerable. With our 10 questions, learn the steps your nonprofit can take in case of a cyberattack, and use them as a starting point in your next cybersecurity meeting.
This whitepaper will help you understand the main differences between IT and InfoSec professionals. Use this whitepaper as one of the steps your nonprofit can take in case of a cyberattack.
Understand your organization’s current security posture. The knowledge gained through this assessment will help guide the decisions that will need to be made to improve your security and align your risk with acceptable tolerance levels. This assessment is one of the steps your nonprofit can take in case of a cyberattack and to minimize risks.
Cybercriminals will not go away after the pandemic. In fact, they’re now more emboldened because of the recent successful breaches. Let’s remember, for example, in the UN mega-breach this year, hackers obtained employee credentials from the dark web and performed illegal activities between April and August. While the UN has yet to assess the overall damage in its network, researchers discovered that at least 100,000 employee private records were exposed.
The current COVID-19-related misinformation will continue well after the pandemic. That won’t stop, but the messaging will shift from pandemic information to post-recovery misinformation. For example, during 2021, we saw numerous fake news articles related to the stimulus package. So, you can see that cybercriminals are changing their attacks and their phishing messages to align with the current state of the pandemic. We are also seeing cybercriminals offering fraudulent products related to COVID-19, including masks and medicine, as we move beyond the pandemic.
Therefore, we encourage all nonprofits to continue to stay vigilant, and for that, we have prepared the five best cybersecurity practices for nonprofits to protect their credentials: