Protecting Your Nonprofit from Data Breaches
January 18, 2023

By now, all organizations — for-profit and nonprofit — know about the risk of cyberattacks. Why then, would any nonprofit fail to secure its network and digital assets? One reason is cost. Cybersecurity can be expensive. Yet according to IBM’s “2022 Cost of a Data Breach Report,” a data breach in the United States leads to an average $9.44 million loss. Obviously, the average is skewed by cyberattacks on large companies. But it’s possible for nonprofits to lose more than they can afford.

Phishing Evolves

Most attacks are made via phishing schemes, where cybercriminals use email to dupe victims into providing personal information, including login credentials. Phishing emails generally include links or attachments that, when clicked, infect computers with malware that enables fraudsters to access your systems.

Increasingly, cybercriminals are using phishing emails to perpetrate ransomware attacks. They gain control of an organization’s network and data and lock legitimate users out. They then hold the data hostage until the victim organization pays a ransom. The criminals might leak some confidential information to the public or on the “dark web” to show they’re serious and to encourage quick payment. Ransomware perpetrators usually release the data after they receive a ransom — but not always.

Acting Proactively

Criminals have hacked everything from government agencies to hospitals to large charities, so it’s critical that all nonprofits act defensively and provide training to staffers. Training should cover various phishing schemes and include testing so employees can see how easy it is to fall for scams. Other ways to contain potential cyberthreats are:

Look for emails flying red flags. Everyone in your organization should look out for suspicious emails, including messages with a sense of urgency, such as a subject line that says, “Respond ASAP.” Phishing subject lines might also include references to upcoming meeting agendas, payroll questions and password verifications. They may appear to come from HR, tech support or your executive director.

Phishing messages frequently are peppered with bad grammar and misspelled words. They may use numbers and special characters that look like letters to dodge anti-phishing software and include URLs that are close, but not identical, to the addresses of legitimate sites.

Use password managers. Your organization should consider using password managers. A surprising number of employees still use easily hacked passwords such as 1234 and PASSWORD. Password managers generate complex passwords and store them for users. At the very least, require employees to come up with difficult passwords and change them frequently. For greater security, implement two-factor authentication. This requires users to log in normally and then confirm their identity via text or phone.

Stay current. Implement hardware and software updates on a timely basis and stop using programs that are no longer updated and supported by their makers.

No Excuse

There are plenty of affordable (if not free) cybersecurity tools available to nonprofits. So there’s no excuse for you to simply hope your organization won’t be hacked. Contact us for more information about protecting your assets.

© 2022

 

You might also like

Help Donors Help Your Nonprofit with a Planned Gift

Help Donors Help Your Nonprofit with a Planned Gift

Most established nonprofits are already equipped to solicit and accept planned gifts. But if your nonprofit is new to planned giving and doesn’t yet understand the long-term advantages of deferred gifts, it’s a good time to get up to speed. You’ll likely need to...

read more
Want to Boost Income? Consider a For-Profit Subsidiary

Want to Boost Income? Consider a For-Profit Subsidiary

Just because you run a nonprofit organization doesn’t mean you can function on low or no income. Although your nonprofit’s tax-exempt status prohibits certain money-making activities, you may be able to create a for-profit subsidiary that isn’t hampered by such...

read more
Don’t Let IRS Compliance Issues Drag Down Your Nonprofit

Don’t Let IRS Compliance Issues Drag Down Your Nonprofit

In recent years, the IRS has increased its scrutiny of tax-exempt organizations. Most nonprofits that fail to file Form 990 for three consecutive years will have their exempt status revoked automatically. The IRS is also cracking down on nonprofits that don’t properly...

read more