According to a cybersecurity survey conducted by Microsoft, 60% of nonprofit respondents do not know of or do not have a digital data policy for handling cybersecurity risks and protecting data. This metric is concerning considering that hackers attack every 39 seconds, on average 2,244 times per day. Many nonprofits store crucial data including information about clients, donors, volunteers, staff, and corporate partners that needs to be protected.
To better protect your organization, it is important to understand some of the common cybersecurity threats that impact nonprofits and other organizations every day. Below are just a few of the most common ways that hackers breach data.
Malware: Cisco describes malware as intrusive software that is designed to damage and destroy computers and computer systems. Examples of malware include spyware, adware, and ransomware.
Man in the Middle (MitM): The National Institute of Standards and Technology defines a Man in the Middle attack as a cybersecurity threat in which an attacker is positioned between two communicating parties in order to intercept and/or alter data traveling between them.
Phishing: According to phishing.org, phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data.
SQL Injection: The Open Web Application Security Project (OWASP) defines SQL Injection as an attack that consists of insertion or “injection” of a SQL query via the input data from the client to the application. When SQL Injection is successful, a hacker can read sensitive data from a database, modify data, and execute administrative operations.
Password Attacks: Password Attacks are exactly what the name implies, they are a combination of methods that hackers use to authenticate into password-protected accounts manually or with the help of software.
Learn more about additional forms of cyber-attacks.
According to research conducted by RiskIQ, cyber crimes cost organizations $2.9 million dollars every minute and hackers are evolving their methods for accessing confidential information. In order to stay protected, your nonprofit needs to limit the risk of threats. Luckily, there are a few steps that your organization can take to reduce risk and create a process for managing potential threats. Here are 5.
Establish Access Control Policies and Procedures
The purpose of access control policies and procedures are to manage who, when, and where organizational information can be accessed. This policy is important because it defines levels of access for each employee within your nonprofit and can be instrumental at limiting risk exposure and maintaining security.
Develop and Implement Cybersecurity Policies
Your nonprofit organization cannot expect constituents to abide by cybersecurity best practices and procedures if you do not have policies in place, in writing. These policies can help reduce risk and provide a blue print for how to deal with a cyberattack. Having a policy in place is important for every organization, but, especially important in the nonprofit industry. According to a report, published by The Department for Digital, Culture, Media & Sport, 26% of nonprofit organizations surveyed suffered a cyberattack in 2020.
Consider including these items in your cybersecurity policy:
Here are some additional tips for creating an effective cybersecurity policy.
Invest in Training
Training is an important step that your nonprofit organization can take to reduce the risk of data breaches and create a human firewall. According to research conducted by Standford University, 88% of all data breaches are caused by human error. A few of the benefits of implementing a cybersecurity training program include increasing protection for your nonprofit data, maintaining compliance, boosting employee awareness and confidence, and saving money and time.
Regardless of budget, there are options for nonprofits of all sizes to invest in training and increase their level of security.
Here are some tips from Travelers on what to look for in cybersecurity training.
Use Multi-factor Authentication
OneLogin defines Multi-factor Authentication (MFA) as an authentication method that requires a user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA can be an effective method of protecting your organization from automated attacks. In fact, according to a report, published by Microsoft, two-factor authentication (2FA) blocks 99.9% of automated cyberattacks.
Investing in MFA is a cost-effective step that your nonprofit organization can take to reduce risk.
Another step that your organization can take to protect data and increase security is encryption. Encryption is a security method of encoding data from plaintext to ciphertext and makes data unreadable to anyone without the encryption key.
Learn more about encryption