Today’s society is one where any organization operating online is theoretically at risk for cyberattacks.
Such incidents could tarnish reputations, result in profit and data losses and even get so severe that they force the attacked organizations to shut down due to the damage caused. Nonprofit companies are not at a reduced risk of hacks. On the other hand, they may face an elevated risk for numerous reasons.
A 2016 survey found that 66 percent of the nonprofits polled did not plan to increase their data security spending. Moreover, nearly half of the respondents had not assessed their online risk factors in the past year.
Also, nonprofits often don’t adequately gauge the costs of having to temporarily shut down due to cyberattacks. If their websites get taken offline, people can’t find them in Google searches, and individuals may hesitate to donate money after hearing about Vulnerabilities.
Nonprofits may also get caught in the tricky situation of deciding whether to give into hackers’ demands to get their files back in the case of a ransomware attack. If they decide to pay money in hopes of receiving the records, the costs likely cause financial burdens. Or, they may lose time and productivity by restoring lost files.
Data from the 2016 NetDiligence Cyber Claims study found the average number of records seized in a nonprofit cyberattack was more than 12,000. That statistic shows if nonprofits believe that hackers will not do significant damage during an attack, or worse, are under the impression that cybercriminals won’t target them, they may face a surprise.
However, many nonprofits are cash-strapped and want to do everything they can to fulfill the missions of their organizations. Such a mindset means cybersecurity may not fit into the equation when they figure out their budgets for the year.
The Nonprofit Finance Fund’s 2018 State of the Nonprofit Sector Survey also revealed only 26 percent of nonprofits achieved break-even financing in 2017. It also showed a growing uncertainty about being able to meet the needs of service users this year. Both of those things suggest nonprofits may not feel encouraged to invest in cybersecurity before it’s too late.
Nonprofits frequently operate with bare-bones teams, and they may not have on-site IT team members. On a positive note, some vendors that cater to the nonprofit sector offer secure software options that meet needs such as volunteer management. If nonprofits cannot afford to hire full-time IT experts, the next best thing is to keep their software updated and choose vendors that prioritize security.
Outsourcing is another possibility that could fill the void for IT experts at nonprofits. In any case, the lack of staffing means that people often fill many roles. And, if they need to engage in a team effort to recover data or otherwise get back on track after a cyber incident, it’s not difficult to imagine how an already-busy team could get even more swamped during the aftermath.
When Little Red Door, a nonprofit from Indiana, got hacked, one of the people who helped resume operations afterward was going through chemotherapy for breast cancer while assisting with the file recovery process. She kept up a cheerful attitude during the ordeal but personified the hard work involved in coming back from a hack.
Another pervasive myth in the nonprofit sector is that nonprofits do not have any information hackers would want. However, consider that since they accept donations, most nonprofits likely have credit card information kept on file. Statistics indicate that credit card information could sell on the Dark web for more than 0.
Also, even if hackers get less-valuable information such as emails, they could bombard their victims with advertising, phishing attempts and other kinds of unwanted emails. The simple but dangerous belief that a nonprofit organization does not have information useful to hackers could raise the threat of a cyberattack, mainly if groups do not know best practices for keeping their data safe.
The points above are not the only reasons why nonprofits are often at a higher-than-average risk for being hit by cybercriminals. But, they highlight how nonprofits frequently have assumptions that don’t match what statistics show. Then, those faulty conclusions could leave organizations reeling after hackers orchestrate attacks.
Nonprofit representatives must take action to alter their mindsets and realize that now is the time to focus on cybersecurity throughout organizations. Only then can such groups make substantial progress for keeping hackers at bay.
By Kayla Matthews
