Cybersecurity: What Non-Profits Need To Know About Hardening Defenses

A misconception persists that hackers primarily target large corporations hoping for big paydays. Splashy stories such as 2021’s Colonial Pipeline ransomware attack made national news after digital thieves shut down fuel distribution along the Eastern Seaboard and stole $4.4 million. Our experience supports the idea that hackers won’t waste their time and energy on small businesses, particularly non-profit organizations. What everyday people might not learn from watching cable news are the following facts.

  • More than 50 percent of cyberattacks target small to midsize organizations.
  • Only 14 percent of small organizations are prepared to prevent a data breach.
  • Security breaches have increased by 67 percent since 2014.
  • A ransomware attack on organizations occurs approximately every 11 seconds.

Studies also indicate that employees in 47 percent of organizations have mistakenly downloaded a malicious app at least once. Those are reasons more than two-thirds of industry leaders feel their risk of suffering a breach has increased.

Truth be told, hackers sitting in a café halfway around the world ply their nefarious skills to maximize profit. Many prefer not to spend weeks or months trying to penetrate robust cybersecurity defenses. It’s typically more lucrative to scour the internet looking for vulnerable systems and pluck the low-hanging fruit.

How Do Hackers Breach Non-Profits?

It’s important to understand there are different levels of cybercrime skills. Those sometimes called Advanced Persistent Threats possess the knowledge and tools to penetrate the most hardened defenses, including those of the federal government. It’s unlikely these high-level criminal outfits will target a non-profit because they are the ones making splashy headlines by stealing tens of millions and national security secrets. Most non-profits face low- and mid-level hackers who deploy the following common techniques.

  • Bait and Switch: Cyber thieves deploy what appear to be legitimate ads and other click-thru links. These redirect unsuspecting parties to a page infected with malware. Once a file is downloaded, hackers typically gain access to computers and entire systems.
  • Viruses & Trojans: These household-name items can end up in an organization’s system through a variety of pathways. Once inside a network, viruses and trojans let hackers cripple a system or send valuable information back to themselves.
  • Brute Force: Every day, we manage an excessive number of passwords across platforms that include banking, e-commerce, rewards programs, social media, entertainment, and work. Passwords often become challenging to remember, and some people will actually use “password123.” Brute force attacks use automated tools that try commonly used passwords against employee login profiles.
  • Phishing Schemes: This has emerged as the strategy of choice for low- and mid-level digital thieves. Many send out thousands of emails requesting the recipient download a file or click on a malicious link. Hackers play the odds that an employee will make this simple mistake, and the entire organization’s network can be exposed.

How Can Non-Profits Protect Data on a Limited Budget?

A non-profit organization that utilizes enterprise-level antivirus software that secures mobile devices and remote infrastructure usually has a good start. But when you implement next-level cybersecurity elements, hackers will consider spending time on your organization a poor investment. These include the following.

  • Cybersecurity Awareness: Training employees to spot the telltale signs in phishing emails and electronic messages protects against the most prevalent schemes. A third-party cybersecurity firm can educate staff members and keep your organization apprised of emerging threats.
  • VPN: Hackers sometimes use public Wi-Fi to identify and breach devices logged into networks. Utilizing technologies such as a Virtual Private Network allows remote workers to effectively hide in plain sight.
  • Multi-Factor Authentication: This strategy requires a separate confirmation beyond overused and predictable passwords. Even if a hacker guesses someone’s password, the piece of information sent to a secondary device remains out of their reach.

It’s also crucial to save data to multiple locations and keep an offline backup file. These and other strategies harden a non-profit’s cybersecurity defenses. By working with a cybersecurity professional, your non-profit will stop being the low-hanging fruit.