How Resilient is your Nonprofit to a Cyberattack?

Nonprofit organizations can range from local community centers to large-scale operations such as citywide food banks or museums. These organizations are intertwined with the fiber of a community and beyond, often addressing needs that private businesses cannot. However, with all the projects and programs nonprofits support, they are usually run on very tight budgets and limited resources. This makes them an ideal target for cyber criminals.

Nonprofit organizations often have to choose where to focus their energy and money, and for a large number of them, this focus overlooks cybersecurity and IT infrastructure. Verizon’s 2020 Data Incident Report states, “Financial gain is the highest motive for External actors, with Web Applications being 39% of breaches. Error among employees is another issue for this sector, particularly with regard to Misconfiguration and Misdelivery. While Credentials are a desirable target, it is Personal data that is most frequently stolen here.” With recent attacks on organizations within the nonprofit sector, such as the Blackbaud attack, where cyber criminals targeted a financial management platform that supports hundreds of nonprofit organizations, it is now more important than ever to assess whether your organization is vulnerable to attack and how to proactively address these vulnerabilities.

Is my Nonprofit Vulnerable?

There are a few immediate questions any director or network administrator can review to assess their organization’s current vulnerability:

  • Do we back up our network frequently?

  • Do we ask employees to frequently change their passwords?

  • Do we require different logins for staff, volunteers, and vendors?

  • Do we have a next-generation firewall monitoring web traffic and potential viruses?

  • Do we have an incident response plan in place in case of a cyberattack?

Answering “no” to one or all of the questions above should raise red flags for any network administrator or IT professional. Nonetheless, some of these can be easily addressed without overburdening department budgets or personnel.

Strengthening your Nonprofit

IT departments, even with limited resources, can implement foundational strategies to address network security issues and lay the groundwork for future investments. This can be accomplished with the following:

  • Deploy a Next-Generation Firewall: Next-generation firewalls (NGFWs) encompass advanced web filtering, virus monitoring, and application control without overwhelming network administrators. NGFWs build on traditional firewall capabilities and now include deep-packet inspection, intrusion prevention, and adaptation to emerging threats.

  • Create a Captive Portal Login System: With a captive portal system, any user who tries to access the network must provide authorized credentials to do so. Captive portals can also allow network administrators to segment the network between full-time staff, volunteers, and vendors. Full-time staff, who need access to critical information, will be able to access more sections of the network than volunteers, who may only need access to a single program.

  • Deploy Endpoint Security on all Devices: NGFWs protect the network at the gateway, but endpoint security ensures that all devices at the network edge are also protected. These devices can include mobile phones, tablets, laptops, or other IoT devices within the office. Deploying an endpoint security solution supports all of the security policies in place when staff are connected on premises and ensures that these devices don’t become a vulnerable opening for cyber criminals to target.

  • Back Up Important Data Frequently: Backing up critical data is foundational to any organization. These backups should be kept in a different location that is inaccessible from the network. They act as an insurance plan if your organization is the victim of a cyber attack, giving the organization easy access to uncompromised data and programs, limiting overall downtime, and allowing you to forgo paying any ransom demands to restore the system.

  • Provide Continuous Staff Training: IT security systems and policies can prevent a multitude of attacks from reaching the network, but investing in a staff training program can increase the effectiveness of these policies tenfold. Staff, volunteers, and supporting vendors are all on the front line of these devices and should be able to easily identify suspicious emails or links before they infect a whole network. Teaching staff how to spot phishing attacks and continuing the conversation about new threats or threat tactics increases their vigilance and easily adds another layer of protection to the network.

Nonprofit organizations will remain high-value targets for cyber criminals this year and in the years to come. However, this does not mean that nonprofits are idly waiting to be a victim. With foundational, low-cost measures in place, nonprofits can transform from reactive victims to proactive guards of the data they collect. By layering different security tactics and addressing the potential for human error with continuing cyber education, organizations can create a holistic approach to network security.