Cybercrime is on the rise worldwide and attacks occur across all industries and sectors. Unfortunately, threat actors make no differentiation between nonprofits and for-profit organizations. Nor do they limit attacks to large entities, meaning smaller nonprofits face the same risks as larger ones.
In fact, some security analysts think small organizations might be at greater risk, because hackers assume that cybersecurity is not prioritized there. And, historically speaking, nonprofits do not have the budget for cybersecurity, making them an ideal target.
The sector has seen the fallout from cybercrime. In 2017, Save the Children was attacked twice and unwittingly sent US$1 million to a fraudulent account in Japan.
Above and beyond financial matters, data breaches can mean a serious hit to an organization’s reputation, place beneficiaries’ data at risk, and result in liability if data compliance laws were not followed properly.
With these matters in mind, nonprofits need to up the cybersecurity ante, particularly in 2021’s increasingly fraught threat landscape.
Essential cybersecurity measures for nonprofits
Back in the early days of the internet, an antivirus might have been enough to protect users and computers, but nowadays, with Internet of Things (IoT) enabled devices and vast networks and systems that include cloud and physical storage, an antivirus program needs serious backup.
1. Email scanner
As the name suggests, email scanners trawl through incoming emails and hunt out any suspicious-looking links, malware, viruses, and spam. The tool is essential to any organization because attacks frequently occur when a staff member engages with a fraudulent email, which is exactly what happened in one of the Save the Children breaches mentioned above.
Phishing is a form of social engineering attack in which a hacker uses an email to trick a staff member into granting them access to the organization’s systems. Often, the fake email appears to come from another staff member or a senior manager. Like any organization, a nonprofit is subject to phishing attempts.
2. Data and network encryption
Encrypting hard drives, so that hackers with physical access to computers cannot read any data, is a good first step, but it’s not enough. Nonprofits should also consider encrypting their networks and any data in transmission.
Installing a VPN (Virtual Private Network) on each device in the office is one way of doing this, but nonprofits can also look into a VPN router that covers all the devices in an office. If you are unfamiliar with what a VPN is, it is a security tool for devices such as phones, computers, and routers. It keeps data safe by encrypting it and sending it over a private network.
3. Anti-malware
Much like antiviruses, anti-malware tools work to find and quarantine any threats on a device. Unlike antiviruses, however, these programs are more attuned to complex and sophisticated threats. An organization’s antivirus can handle the trojans and worms of old, but anti-malware can do this job and counter modern threats.
That’s not to say an organization should only have anti-malware; rather, it should be used in conjunction with antivirus.
4. Creating a security culture
Besides the software tools above, one of the very best things a nonprofit can do to protect itself in 2021 is to create a culture of cybersecurity. Make sure that everyone in the organization is aware of possible risks and knows that security is a team effort: it is everyone’s job, not just that of the IT staff.
Education on the risks and staff training can go a long way towards ensuring a secure nonprofit, meaning everyone can get back to work doing what they do best: helping others.