Non-Profit Organisations & Cyber Security

Uploaded on 2021-11-29 in TECHNOLOGY--Resilience, FREE TO VIEW

Non-profit organizations need to start paying attention, as smaller organizations and businesses tend to be targeted by cyber criminals due to the lack of smart and sophisticated cyber security technology. 

According to various reports, around 50% of smaller organizations and 90% of small businesses lack cyber security technology to protect themselves. Most non-profits do not collect any personal information like their bigger counterparts (banks for example) and yet they are still at great risk.

The reason for this? Often these organizations have a lack of awareness, how the ransomware infection process works and what kind of encryption methods are used. The lack of attention to cyber security by non-profits also comes from the fact that they often think (or at least hope) that cyber criminals will bypass them and target bigger more lucrative companies instead.

The ransomware usually encrypts information, photos, and files of a smaller company/organization, and the owner is then notified through an email that they have to pay a certain amount of money to receive a key or code that will unlock their data.

In some cases, the ransom may even be as high as hundreds of thousands of dollars! Oops! That's quite a lot for a non-profit. Well, this is why there are all kinds of options to choose from when it comes to cybersecurity products for your organization so you don't have to lose all your data and hard work!

Some organizations (that use Windows operating systems) may want (or need) to look into the following:

  • DIY Solutions like free AVG anti-virus. There are other options out there as well, but they may give you a false sense of security.
  • Industry-standard software like Avast or McAfee are either free or come with a monthly option (or trial) for organizations to use which allows them to be able to protect themselves against ransomware without having to pay anything.
  • You can always run your computers in a simulated environment with no internet access to prevent any intrusion or infection in the first place! This is referred to as 'Sandboxing'. An example of this software would be VMware. However, keep in mind that these products are not perfect and don't always work. But they are a good place to start.

There are also many other solutions out there, including cloud-based ones from companies like Carbonite, however, make sure you do some research on the product itself and how it works before you get yourself into one of them!

While these options may be appealing because of their low costs or even free options, please remember that they may not be as secure as products made by companies that specialize in anti-virus and cyber security or those that put high-end security on top of their list, such as Microsoft.

Always research and make sure you know what you're protecting yourself against before making a decision like this. It's better to be safe than sorry!

However, there is worse to come. Non-profits are not only at risk from ransomware, but also from phishing attacks that can steal your donations or sensitive information. This is because of the lack of password protection on servers and databases possibly containing sensitive donor information.

But hopefully, with these tips, you will be able to secure your non-profit against these attacks. The key is prevention.

If you ever do get infected, remember that the first thing you should be doing is disconnecting all of your equipment from any network! If this is not possible, turn off the internet connection and immediately contact your IT service provider.

Lastly, always make sure your employees are well-trained on how ransomware works and what they should do if they suspect anything. This is important especially because non-profits are often run by volunteers and someone not knowing what to do could cost you everything!

The bottom line is that ransomware infections are becoming a bigger risk for non-profits now. It's important to educate yourself on the subject and make sure your organization does as much as it can to prepare itself against these attacks. Because, if cyber criminals target you, there's no telling what they might want or be able to take!

John Giordani is CISO at NCheng LLP

You Might Also Read: 

Cyber Crime Is An Increasing Risk For Charities:

 

« Ransomware, Iranian Hackers & Pornography
Trojan Malware Installed On Millions Of Android Devices »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

Cyber 2.0

Cyber 2.0

Cyber 2.0 is the only system in the world that blocks all forms of cyber attack within the organization, including new and unfamiliar attack methods.

Computing Technology Industry Association (CompTIA)

Computing Technology Industry Association (CompTIA)

CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

CTERA Networks

CTERA Networks

CTERA provides cloud storage solutions that enable service providers and enterprises to launch managed storage, backup, file sharing and mobile collaboration services using a single platform.

Elitecyber Group

Elitecyber Group

Elitecyber group is a team of Cyber Security recruitment experts who work for Cyber Security and Cyber Defence clients and candidates throughout Europe.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

Beyond Identity

Beyond Identity

Beyond Identity employs an elegantly simple concept, the personal certificate authority and self signed certificates, to replace passwords.

Control System Cyber Security Association International (CS2AI)

Control System Cyber Security Association International (CS2AI)

CS2AI is the premier global not for profit workforce development organization supporting professionals of all levels charged with securing control systems.

XioGuard

XioGuard

XioGuard is a managed security service for 360-degree cybersecurity coverage, protecting the entire attack surface, increasing performance, reducing cost, and simplifying operations.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

Cyber Industrial Networks

Cyber Industrial Networks

Cyber Industrial Networks objective is to service the needs of industry in achieving reliable, robust and secure infrastructure that supports productivity.

Post-Quantum Cryptography Alliance (PQCA)

Post-Quantum Cryptography Alliance (PQCA)

The alliance seeks to address cryptographic security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms.

SecureDApp

SecureDApp

SecureDApp is a blockchain security company that specialises in offering comprehensive security solutions to companies operating in the web3 space.

Stratsec

Stratsec

Stratsec is a global team of experts on a mission to protect human life, well-being and the environment against cyber-driven threats.

International Maritime Cyber Security Organisation (IMCSO)

International Maritime Cyber Security Organisation (IMCSO)

The IMCSO mission is to be the standard in the maritime cyber security industry, a collective voice, working towards alignment and standardisation.