In today’s digital age virtually everyone is at risk of being the victim of a cyber attack, including non-government organizations (NGOs) or non-profits.
Why do cybercriminals target NGOs and non-profits?
As the founder of an NGO or non-profit you might think your organization won’t be a target for cybercriminals, but the truth is that these organizations hold a vast amount of information that cybercriminals want to get their hands on. NGOs maintain large financial donations and contributions from donors which is an appealing target for hackers. Another motive for cyber attacks on nonprofits could be that they are a great source of email conversations and research which could be valuable on the black market.
Unfortunately, a lot of NGO computer systems have major security concerns, which makes them a high risk for cyberattacks. Cybercriminals are getting away with an unimaginable amount of money or valuable information taken from NGO and non-profit databases. In fact, a survey conducted by the Institute for Critical Infrastructure Technology found that 50% of NGOs have experienced a ransomware attack. Surprisingly, though, given the high percentage of ransomware attacks, less than half of NGOs have a dedicated staff to deal with cybersecurity.
Data security for non-profits doesn’t have to be complicated, there are a few simple steps you can take to help prevent your organization from being the victim of cybercriminals.
1. Identify your weaknesses
A study conducted by Shred-it last year found that employees’ lack of cybersecurity knowledge are one of the direct causes of data breaches in an organization. Employees or volunteers in your organization may unintentionally giveaway valuable information. For example, they may click on a link in an email or download an attachment, or even access a harmful website, which will install malicious software known as “ransomware” on his/her computer. Every NGO or nonprofit should have information security policies in place. Make sure every employee or volunteer is aware of these policies and that they understand how to identify phishing emails.
2. Change passwords regularly
Many of us know the risk for cyberattacks increases when your reuse of have weak passwords, yet very few organizations have rules in place about regularly updating passwords. Unfortunately, cybercriminals prey on this weakness, and it makes it easy for them to hack into your system. When creating passwords, use a combination of letters and numbers with at least one capital letter and a special character. Because non-profit organizations and NGOs regularly have new volunteers or staff members, it would be advisable to change passwords at least every quarter.
3. Keep technology updated
Non-profit organizations and NGOs depend highly on contributions and donations so you may have a small budget but, it’s best to allot money for system updates and patch management.
Patch management is based on a change in computer system programs to update or improve them, including a fix on security vulnerabilities and other bug fixes to improve performance and implement new security features.
It’s also important to replace old hardware. You may not want to spend the money, but doing so now will save you in the long-run.
4. Limit access to information
There are usually new staff members and volunteers in a non-profit organization or NGO. Not all personnel are cautious when it comes to cybersecurity. Some may leave computers unlocked, exposing sensitive information for anyone to access. This may be controlled, though, by informing everyone about their responsibilities in the organization’s cybersecurity. Non-profit organizations may also have additional protection through data encryption where keys will be used to encrypt and decrypt data.
5. Make sure you’re covered
There is a real risk for cyberattacks on non-profit organization – to its donors, and to everyone it serves. You need to regularly manage these risks, including, having the proper insurance. Cyber insurance for NGOs provides security if ever the organization encounters cybersecurity breach. Cyber Liability insurance is available to cover a wide range of security-related claims including data breaches, network failures, and media/content liability. As NGOs and nonprofits collect and store sensitive data, it’s very important that every non-profit is protected.