Non-Profit Organisations & Cyber Security

Uploaded on 2021-11-29 in TECHNOLOGY--Resilience, FREE TO VIEW

Non-profit organizations need to start paying attention, as smaller organizations and businesses tend to be targeted by cyber criminals due to the lack of smart and sophisticated cyber security technology. 

According to various reports, around 50% of smaller organizations and 90% of small businesses lack cyber security technology to protect themselves. Most non-profits do not collect any personal information like their bigger counterparts (banks for example) and yet they are still at great risk.

The reason for this? Often these organizations have a lack of awareness, how the ransomware infection process works and what kind of encryption methods are used. The lack of attention to cyber security by non-profits also comes from the fact that they often think (or at least hope) that cyber criminals will bypass them and target bigger more lucrative companies instead.

The ransomware usually encrypts information, photos, and files of a smaller company/organization, and the owner is then notified through an email that they have to pay a certain amount of money to receive a key or code that will unlock their data.

In some cases, the ransom may even be as high as hundreds of thousands of dollars! Oops! That's quite a lot for a non-profit. Well, this is why there are all kinds of options to choose from when it comes to cybersecurity products for your organization so you don't have to lose all your data and hard work!

Some organizations (that use Windows operating systems) may want (or need) to look into the following:

  • DIY Solutions like free AVG anti-virus. There are other options out there as well, but they may give you a false sense of security.
  • Industry-standard software like Avast or McAfee are either free or come with a monthly option (or trial) for organizations to use which allows them to be able to protect themselves against ransomware without having to pay anything.
  • You can always run your computers in a simulated environment with no internet access to prevent any intrusion or infection in the first place! This is referred to as 'Sandboxing'. An example of this software would be VMware. However, keep in mind that these products are not perfect and don't always work. But they are a good place to start.

There are also many other solutions out there, including cloud-based ones from companies like Carbonite, however, make sure you do some research on the product itself and how it works before you get yourself into one of them!

While these options may be appealing because of their low costs or even free options, please remember that they may not be as secure as products made by companies that specialize in anti-virus and cyber security or those that put high-end security on top of their list, such as Microsoft.

Always research and make sure you know what you're protecting yourself against before making a decision like this. It's better to be safe than sorry!

However, there is worse to come. Non-profits are not only at risk from ransomware, but also from phishing attacks that can steal your donations or sensitive information. This is because of the lack of password protection on servers and databases possibly containing sensitive donor information.

But hopefully, with these tips, you will be able to secure your non-profit against these attacks. The key is prevention.

If you ever do get infected, remember that the first thing you should be doing is disconnecting all of your equipment from any network! If this is not possible, turn off the internet connection and immediately contact your IT service provider.

Lastly, always make sure your employees are well-trained on how ransomware works and what they should do if they suspect anything. This is important especially because non-profits are often run by volunteers and someone not knowing what to do could cost you everything!

The bottom line is that ransomware infections are becoming a bigger risk for non-profits now. It's important to educate yourself on the subject and make sure your organization does as much as it can to prepare itself against these attacks. Because, if cyber criminals target you, there's no telling what they might want or be able to take!

John Giordani is CISO at NCheng LLP

You Might Also Read: 

Cyber Crime Is An Increasing Risk For Charities:

 

« Ransomware, Iranian Hackers & Pornography
Trojan Malware Installed On Millions Of Android Devices »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSO

CSO

CSO serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks.

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

Secure Thingz

Secure Thingz

Secure Thingz focus on developing and delivering advanced security solutions into the emerging Industrial Internet of Things (IIoT) and Critical Infrastructure markets.

Redcentric

Redcentric

Redcentric is a leading UK IT managed services provider. We deliver managed IT, cloud computing, data backup, information security services and managed networks.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

Ensurity Technologies

Ensurity Technologies

Ensurity is a deep-tech cybersecurity engineering company; designs and manufactures specialized secure hardware, software, and mobile application solutions.

Incopro

Incopro

Incopro is an online IP and brand protection software provider that arms brand owners with actionable intelligence to combat online and offline intellectual property and copyright infringements.

ACSG Corp

ACSG Corp

ACSG Corp is a Critical Infrastructure Protection Company with a multi-disciplinary focus on building analytics software for various industry sectors.

Mandiant

Mandiant

Mandiant deliver dynamic cyber defense solutions powered by industry-leading expertise, intelligence and innovative technology.

Bugv

Bugv

Bugv is a crowdsourcing cybersecurity platform powered by human intelligence where we connect businesses with cyber security experts, ethical hackers, bug bounty hunters from all around the world.

Nextgen Group

Nextgen Group

Nextgen Group is a pioneering technology services group with innovative and unique services across enterprise software, cloud, data management, and cybersecurity solutions.

ThreatDefence

ThreatDefence

ThreatDefence provides innovative SIEM, SOC-as-a-Service, and proactive cyber defence solutions to MSP’s and Enterprises.

Cybalt

Cybalt

Cybalt is a security services company that provides end-to-end security solutions to help clients achieve their business goals.

Sectricity

Sectricity

As independent ethical hackers, Sectricity go beyond traditional security, uncovering every vulnerability - testing both systems and employees to eliminate weak spots.

TekStream Solutions

TekStream Solutions

TekStream accelerates clients’ digital transformation by navigating complex technology environments with a combination of technical expertise and staffing solutions.