Non-Profit Organisations & Cyber Security

Uploaded on 2021-11-29 in TECHNOLOGY--Resilience, FREE TO VIEW

Non-profit organizations need to start paying attention, as smaller organizations and businesses tend to be targeted by cyber criminals due to the lack of smart and sophisticated cyber security technology. 

According to various reports, around 50% of smaller organizations and 90% of small businesses lack cyber security technology to protect themselves. Most non-profits do not collect any personal information like their bigger counterparts (banks for example) and yet they are still at great risk.

The reason for this? Often these organizations have a lack of awareness, how the ransomware infection process works and what kind of encryption methods are used. The lack of attention to cyber security by non-profits also comes from the fact that they often think (or at least hope) that cyber criminals will bypass them and target bigger more lucrative companies instead.

The ransomware usually encrypts information, photos, and files of a smaller company/organization, and the owner is then notified through an email that they have to pay a certain amount of money to receive a key or code that will unlock their data.

In some cases, the ransom may even be as high as hundreds of thousands of dollars! Oops! That's quite a lot for a non-profit. Well, this is why there are all kinds of options to choose from when it comes to cybersecurity products for your organization so you don't have to lose all your data and hard work!

Some organizations (that use Windows operating systems) may want (or need) to look into the following:

  • DIY Solutions like free AVG anti-virus. There are other options out there as well, but they may give you a false sense of security.
  • Industry-standard software like Avast or McAfee are either free or come with a monthly option (or trial) for organizations to use which allows them to be able to protect themselves against ransomware without having to pay anything.
  • You can always run your computers in a simulated environment with no internet access to prevent any intrusion or infection in the first place! This is referred to as 'Sandboxing'. An example of this software would be VMware. However, keep in mind that these products are not perfect and don't always work. But they are a good place to start.

There are also many other solutions out there, including cloud-based ones from companies like Carbonite, however, make sure you do some research on the product itself and how it works before you get yourself into one of them!

While these options may be appealing because of their low costs or even free options, please remember that they may not be as secure as products made by companies that specialize in anti-virus and cyber security or those that put high-end security on top of their list, such as Microsoft.

Always research and make sure you know what you're protecting yourself against before making a decision like this. It's better to be safe than sorry!

However, there is worse to come. Non-profits are not only at risk from ransomware, but also from phishing attacks that can steal your donations or sensitive information. This is because of the lack of password protection on servers and databases possibly containing sensitive donor information.

But hopefully, with these tips, you will be able to secure your non-profit against these attacks. The key is prevention.

If you ever do get infected, remember that the first thing you should be doing is disconnecting all of your equipment from any network! If this is not possible, turn off the internet connection and immediately contact your IT service provider.

Lastly, always make sure your employees are well-trained on how ransomware works and what they should do if they suspect anything. This is important especially because non-profits are often run by volunteers and someone not knowing what to do could cost you everything!

The bottom line is that ransomware infections are becoming a bigger risk for non-profits now. It's important to educate yourself on the subject and make sure your organization does as much as it can to prepare itself against these attacks. Because, if cyber criminals target you, there's no telling what they might want or be able to take!

John Giordani is CISO at NCheng LLP

You Might Also Read: 

Cyber Crime Is An Increasing Risk For Charities:

 

« Ransomware, Iranian Hackers & Pornography
Trojan Malware Installed On Millions Of Android Devices »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Marsh

Marsh

Marsh is a global leader in insurance broking and risk management and has been a leader in combatting cyber threats since their emergence.

Minerva Labs

Minerva Labs

Minerva’s patent pending solution keeps malware in a constant sleep state before it can infiltrate your network and cause any damage.

PhishLine

PhishLine

PhishLine helps Information Security Professionals meet and overcome the increasing challenges associated with social engineering and phishing.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

Vaulto Technologies

Vaulto Technologies

Vaulto protects critical business processes that are conducted via the cellular network.

Cyble

Cyble

Cyble Vision enables faster detection of cyber threats and focuses on identifying and analysing the motivations, methods, capabilities and tools of adversaries.

Aligned Technology Solutions (ATS)

Aligned Technology Solutions (ATS)

ATS manage, monitor, and maintain everything from your network and servers to your workstations and mobile devices, and we do it proactively to eliminate downtime and keep hackers at bay.

FDD Center on Cyber and Technology Innovation (CCTI)

FDD Center on Cyber and Technology Innovation (CCTI)

The Foundation for Defense of Democracies is a nonprofit research institute focusing on foreign policy and national security. Ares of focus include cyber security and technology innovation.

Lattice Semiconductor

Lattice Semiconductor

Lattice Semiconductor solves customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive and consumer markets.

Spyderbat

Spyderbat

Spyderbat ATI closes the manual investigation gap between detection and response by instantly presenting causally connected threat activity to security analysts at the onset of an investigation.

Avalon Cyber

Avalon Cyber

Arm your organization in the fight against cyberattacks by partnering with the experts at Avalon Cyber.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.

Security Awareness Special Interest Group (SASIG)

Security Awareness Special Interest Group (SASIG)

The Security Awareness Special Interest Group (SASIG) addresses the human aspects of security and fraud prevention in an initiative to improve trust and confidence in the online environment.

Ingenics Digital

Ingenics Digital

Ingenics Digital is a recognized initiator and leading service provider in the areas of software development and embedded systems.

Barrier Networks

Barrier Networks

Barrier Networks are a Cyber Security Managed Service Provider that specialises in Network and Application security.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.