Nonprofit organizations collect incredibly sensitive information about their members and donors, which can include social security numbers, credit card information, and even medical information. Without proper cybersecurity processes, policies and technology in place, one single breach could create many financial, reputational and organizational problems. Fortunately, there are things that can be done to protect your entire organization and its mission.

Nonprofit organizations (NPOs) are a TARGET for cyber attackers.  Why?

• Limited funding forces them to utilize out dated technology
• In an effort to stretch budgets many do not:
  • Train their staff on the latest cyber threats
  • Require Multi Factor Authentication to log on to their network
  • Monitor their environments for malicious behavior
  • Conduct regular security risk assessments to understand where their blind spots are
• All of these factors make them “low hanging fruit” for cyber attackers

NPOs: The Low Hanging Fruit

Many hackers will seek out and target “low hanging fruit” – organizations with easily exploited vulnerabilities. Many nonprofits still rely on out-of-date legacy systems (such as Windows 7 and Server 2008) that are especially vulnerable to malware or ransomware. Additionally, their employees and volunteers lack the necessary training and technology to detect and protect threats creating huge vulnerabilities for email based attacks. As a result, NPOs are often considered the “lowest hanging fruit”.

By the Numbers:

• 56% of nonprofits don’t require multi-factor authentication (MFA) to log into online accounts.
• 74% of nonprofits do not actively monitor their network environments
• 59% of nonprofits do not provide any cybersecurity training to staff on a regular basis
• More than 70% of nonprofits have not run even one vulnerability assessment to evaluate their potential risk exposure.
  (From NTEN)

What You Can Do
Threat awareness and a proactive approach to security can go a long way in keeping organizations secure. Here are four things NPOs can do to help stop attacks before they happen:

1. Engage in a cyber-security awareness program – Security awareness is a vital component of effective cybersecurity. In fact, research shows that security awareness training can reduce clicks on phishing links by 70% when delivered with regularity. Understanding hacker practices and motivations can help you predict potential threats and thwart attacks.

Require basic protection controls such as multi-factor authentication (MFA) – Using protective controls such as MFA can greatly reduce your likelihood of falling victim to a successful cyber-attack.  Compromised credentials are easy for an attacker to use against you if a simple password is the only thing standing between them and your valuable data.

Check out our exclusive offerings to TANGO Members by clicking here.