Non-Profit Organisations & Cyber Security

Non-profit organizations need to start paying attention: smaller organizations and businesses tend to be targeted by cyber criminals because they lack smart and sophisticated cyber security technology.

According to various reports, around 50% of smaller organizations and 90% of small businesses lack cyber security technology to protect themselves. Most non-profits do not collect personal information the way their bigger counterparts (banks, for example) do, and yet they are still at great risk.

The reason for this? Often these organizations lack awareness of how the ransomware infection process works and what kind of encryption methods are used. The lack of attention to cyber security by non-profits also comes from the fact that they often think (or at least hope) that cyber criminals will bypass them and target bigger, more lucrative companies instead.

The ransomware usually encrypts information, photos, and files of a smaller company/organization, and the owner is then notified through an email that they have to pay a certain amount of money to receive a key or code that will unlock their data.

In some cases, the ransom may even be as high as hundreds of thousands of dollars! Oops! That's quite a lot for a non-profit. Well, this is why there are all kinds of options to choose from when it comes to cybersecurity products for your organization so you don't have to lose all your data and hard work!

Some organizations (that use Windows operating systems) may want (or need) to look into the following:

  • DIY Solutions like free AVG anti-virus. There are other options out there as well, but they may give you a false sense of security.
  • Industry-standard software like Avast or McAfee is either free or comes with a monthly option (or trial), which allows organizations to protect themselves against ransomware without having to pay anything.
  • You can always run your computers in a simulated environment with no internet access to prevent any intrusion or infection in the first place! This is referred to as 'Sandboxing'. An example of this software would be VMware. However, keep in mind that these products are not perfect and don't always work. But they are a good place to start.

There are also many other solutions out there, including cloud-based ones from companies like Carbonite. However, make sure you do some research on the product itself and how it works before you get yourself into one of them!

While these options may be appealing because of their low costs or even free options, please remember that they may not be as secure as products made by companies that specialize in anti-virus and cyber security or those that put high-end security on top of their list, such as Microsoft.

Always research and make sure you know what you're protecting yourself against before making a decision like this. It's better to be safe than sorry!

However, there is worse to come. Non-profits are not only at risk from ransomware, but also from phishing attacks that can steal your donations or sensitive information. This is because of the lack of password protection on servers and databases possibly containing sensitive donor information.

But hopefully, with these tips, you will be able to secure your non-profit against these attacks. The key is prevention.

If you ever do get infected, remember that the first thing you should be doing is disconnecting all of your equipment from any network! If this is not possible, turn off the internet connection and immediately contact your IT service provider.

Lastly, always make sure your employees are well-trained on how ransomware works and what they should do if they suspect anything. This is especially important because non-profits are often run by volunteers, and someone not knowing what to do could cost you everything!

The bottom line is that ransomware infections are becoming a bigger risk for non-profits now. It's important to educate yourself on the subject and make sure your organization does as much as it can to prepare itself against these attacks. Because, if cyber criminals target you, there's no telling what they might want or be able to take!

John Giordani is CISO at NCheng LLP
