Why Nonprofits Must Take Cybersecurity Seriously

November 24, 2020
cyber-nonprofit-data

These days, no organization is immune to cyberattacks, and that includes nonprofit organizations. Cyberattacks have been on the rise, especially due to the pandemic’s remote work requirements. If your nonprofit organization isn’t proactive about cybersecurity, you might end up being the next target.

A recent study by NTEN.org found that nearly 60% of nonprofit organizations fail to provide regular cybersecurity training to their teams and 68% do not have policies and procedures in place in case of a cyberattack.

Hackers Are After Your Data

Many cyber attacks involve personal data, which can be used to commit identity theft and sold on the dark web.

Your nonprofit likely has a substantial amount of valuable data, including names, email addresses, and credit card numbers. Furthermore, your organization is responsible for taking the precautions needed to keep this information safe. If this information is breached, the consequences can be significant:

  • Your organization may experience financial losses due to the time and resources needed to comply with breach notification laws, as well as possible costs related to liability and regulatory fines.
  • Your organization’s reputation may be tarnished. For example, donors whose information was stolen might lose trust in your organization’s security and decide against supporting you again in the future.

They Also Want Your Money

A variety of phishing and business email compromise schemes can lead to circumstances in which your own employees unknowingly give your money to people posing as known contractors and partners. In one prominent case, Portland Public Schools was almost scammed out of $2.9 million. These scenarios are more common than you might expect.

Ransomware Attacks Can Hit Nonprofits, Too

Ransomware attacks have become common in recent years, and hackers are demanding larger and larger ransoms. If your organization is hit with a ransomware attack that encrypts your files, you may not be able to continue operations until your files are restored, and some ransomware attacks threaten to leak the information to the public. You could also be impacted by attacks that target your vendors or partners.

In one cautionary tale, a cyberattack targeted Blackbaud Inc., a cloud services provider that serves many nonprofit and higher education organizations. According to CPO Magazine, Blackbaud paid the ransom (something the FBI advises against), but the hackers appear to have taken some of the personal data anyway. In another example, a nonprofit shelter in Massachusetts was targeted.

Protect Your Organization

  • Practice strong cybersecurity. Use secure networks, strong passwords, up-to-date operating systems, anti-virus software, encryption, and other basic security measures. Have a cybersecurity professional assess your organization for potential weaknesses.
  • Remind everyone in your organization to be cyber smart. For example, your organization should provide training for employees and volunteers on how to identify phishing attacks and suspicious links, as well as reminders on updating programs and keeping passwords secure. Also, create policies to ensure that portable devices are secure.  
  • Ensure that any third-party providers with access to your organization’s data are also using strong cybersecurity practices. Include cybersecurity responsibilities, cyber insurance, and notification requirements in your contracts.
  • Create a disaster response plan for cyberattacks. Your plan should address the steps needed to mitigate the risk, notify those who are impacted and restore computer systems so operations can resume.

Have questions about your cyber liability coverage? Contact your Heffernan Insurance Brokers agent for assistance. Our nonprofit team is here to help!