As we continue to move through the worldwide disruption caused by the coronavirus pandemic, we are seeing a huge uptick in the number of cyberattacks focused on small and medium-sized businesses (SMBs). What is even more ominous is that many of these organizations are non-governmental organizations (NGOs) or nonprofits that provide much-needed services to underserved populations. The reason more nonprofits are finding themselves in the crosshairs of hackers is that they have the perfect combination of attractive features: they are typically easy to breach because they do not have the resources to stay on the cutting edge of cybersecurity protocols, and they handle a lot of sensitive and confidential information.
The lack of cybersecurity policies and strategies among nonprofits is startling. One study showed that more than 50% of nonprofits did not require multi-factor authentication for account logins, and many employees are not properly educated about some of the most common hacking techniques such as social engineering scams, phishing attempts, and more. To improve your nonprofit’s data security, you should have basic cybersecurity best practices in place, including regular updates of hardware and software, strong password policies, and access controls.
Cybersecurity Best Practices for Nonprofits
Nonprofits handle a lot of personally identifiable information that is protected by data privacy regulations and laws. Many conduct event registrations or process donations on their website. Others store or share donor and employee information including addresses, driver’s license numbers, social security numbers, and other records. And some also collect information on donor preferences through subscriptions and web pages. All these activities can make your nonprofit a target for cyberattacks. To keep data protected, implement these best practices as a baseline for security:
First, Conduct a Risk Assessment
The first step in protecting data is to understand what data your organization processes and how it is currently stored and handled. Determine which data you really need to collect and who is in charge of maintaining it. Then, uncover whether or not it is really necessary to keep the data and perform a risk/benefit analysis. Consider reducing the amount of data your organization collects and monitoring the process of storage to minimize risks.
Then, Identify Areas of Confidential Data
You must understand whether the data you are collecting is covered by state or federal data protection regulations and which compliance laws you must adhere to. Some states have specific requirements for data disposal, while the Federal Trade Commission also prescribes rules governing data handling. Even data that seems innocuous, such as seating preferences collected at events, can be a target for hackers and can cause reputational harm if stolen.
Finally, Identify Risks
The National Institute of Standards and Technology (NIST) provides a framework that can help organizations identify and manage cybersecurity risks and threats. This framework gives you a loose overview of cybersecurity strategies to help manage risks cost-effectively, according to your specific needs and challenges. Currently, there are two initiatives to help nonprofits improve their cybersecurity strategies, through the Institute for Security and Technology (IST) and the Global Cyber Alliance (GCA), which can offer recommendations for further protection.
If you are still having difficulty deciding on strategies, ask for help. Many nonprofits have few, if any, in-house IT resources and can benefit from partnering with a third-party managed services provider (MSP) that offers cybersecurity assistance through a comprehensive Managed IT program.
Let Blue Technologies Help Your Nonprofit Stay Secure
Nonprofits are considered low-hanging fruit for hackers. They are often resource-poor and ill-prepared to withstand a cyberattack, yet they handle large amounts of personally identifiable information. Cybercriminals may want access in order to extort money, or they may just want to disrupt business and services or ruin your organization’s reputation. Either way, with threats on the rise, you need to focus on having a comprehensive cybersecurity plan in place.
At Blue Technologies, we have a team of cybersecurity experts within our Managed IT team who have deep knowledge of the evolving threat landscape. With their help, your organization can identify vulnerabilities and weaknesses, assess your risks, and mitigate those risks with a combination of leading-edge technology and knowledge.
Don’t risk your nonprofit’s reputation by leaving your data unprotected. Contact a Blue Technologies consultant and discover how our Managed IT program and cybersecurity solutions can protect your organization today.