Cybersecurity Education Series for Nonprofits – Series Introduction

As the Russia-Ukraine war continues and Western countries impose further sanctions on Russia, increased cyber threats are expected. As noted in CLA’s recent cybersecurity blogs, cyber threats are becoming more sophisticated, including the use of new malware and other disruptive techniques. If there was ever a time when nonprofits should take precautions, it is now. Over the course of the next few months, we will provide opportunities that can help nonprofits with their IT infrastructure and with potential risks and vulnerabilities related to cybersecurity. Below is the itinerary of topics we will discuss in the upcoming months:

  • Security Basics I (Including passwords and multifactor authentication)
  • Security Basics II (Including unsecured devices, hard drives, and device decommissioning)
  • Security Basics III (Including firewalls, anti-virus, and malware solutions)
  • Vulnerability Assessments
  • Credit Card and Online Donations
  • Outdated and Cloud Software Concerns
  • Policies, Recovery Plans and Procedures
  • Awareness Training and Internal Phishing Audits

Why would nonprofit organizations be targeted versus other industries? While some businesses and operations may be more attractive than nonprofits, nonprofits may be perceived to have weaker internal controls, lower awareness of cyber vulnerabilities, and, ultimately, to be more mission focused than risk-management focused. As more sanctions are imposed on Russia and the country becomes more isolated, bad actors may become more desperate and look towards low-hanging cyber opportunities as a way to disrupt Western countries’ influence on their economy and the war on Ukraine.

Additionally, nonprofits may be a primary target as they often have a wealth of sensitive information. This can range from academic records, personal identification information (e.g., name, Social Security, driver’s license numbers, government ID numbers), user credentials, and donor information (including credit card and other digital wallet information) to medical or health information of customers, patients, and employees. A breach and/or loss of any of this information can not only damage a nonprofit’s reputation but could also significantly impact the organization’s ability to continue operations.

As we continue to roll out more educational content, you may be wondering, what can be done now? Consider taking these actions now to mitigate cyber threats:

  1. Review the Department of Homeland Security’s “Shields Up” guidance.
  2. Subscribe to cyber news and trends and increase training and awareness efforts. A nonprofit’s cyber and IT infrastructure is only as strong as its weakest employee. Employees, management, and those charged with governance should be encouraged to sign up to receive cyber-related thought leadership and to go through cyber awareness and prevention training.
  3. Work with current providers or reach out to cyber professional service firms to help identify current vulnerabilities. Internal and external penetration assessments are a great way to identify the vulnerabilities of greatest concern.

How can CLA help?

CLA’s cybersecurity team has a deep understanding of the current threat landscape and can help with vulnerability assessments, awareness training, and/or other cybersecurity concerns or needs. Don’t go at it alone. Learn more here, and reach out if you have any questions.

Additionally, if looking to stay connected on the nonprofit industry or cyber concerns, consider signing up to receive CLA’s nonprofit or cybersecurity blog alerts via email. Click here and click on the “subscribe” icon under the “Innovation in Nonprofit Finance Blog” and “Cybersecurity Blog” titles to receive email notifications on new posts.

