Why Nonprofits Might Be at Higher Risk for Cyberattacks

Cyberattacks On Nonprofits

Today’s society is one where any organization operating online is theoretically at risk for cyberattacks.

Such incidents could tarnish reputations, result in profit and data losses and even get so severe that they force the attacked organizations to shut down due to the damage caused. Nonprofit companies are not at a reduced risk of hacks. On the other hand, they may face an elevated risk for numerous reasons.

Nonprofits Are Not Adequately Prepared for Hacks

A 2016 survey found that 66 percent of the nonprofits polled did not plan to increase their data security spending. Moreover, nearly half of the respondents had not assessed their online risk factors in the past year.

Also, nonprofits often don’t adequately gauge the costs of having to temporarily shut down due to cyberattacks. If their websites get taken offline, people can’t find them in Google searches, and individuals may hesitate to donate money after hearing about Vulnerabilities.

Nonprofits may also get caught in the tricky situation of deciding whether to give into hackers’ demands to get their files back in the case of a ransomware attack. If they decide to pay money in hopes of receiving the records, the costs likely cause financial burdens. Or, they may lose time and productivity by restoring lost files.

Nonprofits May Not Feel Compelled to Put Their Funds Towards Cybersecurity

Data from the 2016 NetDiligence Cyber Claims study found the average number of records seized in a nonprofit cyberattack was more than 12,000. That statistic shows if nonprofits believe that hackers will not do significant damage during an attack, or worse, are under the impression that cybercriminals won’t target them, they may face a surprise.

However, many nonprofits are cash-strapped and want to do everything they can to fulfill the missions of their organizations. Such a mindset means cybersecurity may not fit into the equation when they figure out their budgets for the year.

The Nonprofit Finance Fund’s 2018 State of the Nonprofit Sector Survey also revealed only 26 percent of nonprofits achieved break-even financing in 2017. It also showed a growing uncertainty about being able to meet the needs of service users this year. Both of those things suggest nonprofits may not feel encouraged to invest in cybersecurity before it’s too late.

Nonprofits Often Struggle to Meet Human Resource Needs

Nonprofits frequently operate with bare-bones teams, and they may not have on-site IT team members. On a positive note, some vendors that cater to the nonprofit sector offer secure software options that meet needs such as volunteer management. If nonprofits cannot afford to hire full-time IT experts, the next best thing is to keep their software updated and choose vendors that prioritize security.

Outsourcing is another possibility that could fill the void for IT experts at nonprofits. In any case, the lack of staffing means that people often fill many roles. And, if they need to engage in a team effort to recover data or otherwise get back on track after a cyber incident, it’s not difficult to imagine how an already-busy team could get even more swamped during the aftermath.

When Little Red Door, a nonprofit from Indiana, got hacked, one of the people who helped resume operations afterward was going through chemotherapy for breast cancer while assisting with the file recovery process. She kept up a cheerful attitude during the ordeal but personified the hard work involved in coming back from a hack.

Nonprofits Do Not Believe They Have Valuable Data

Another pervasive myth in the nonprofit sector is that nonprofits do not have any information hackers would want. However, consider that since they accept donations, most nonprofits likely have credit card information kept on file. Statistics indicate that credit card information could sell on the Dark web for more than 0.

Also, even if hackers get less-valuable information such as emails, they could bombard their victims with advertising, phishing attempts and other kinds of unwanted emails. The simple but dangerous belief that a nonprofit organization does not have information useful to hackers could raise the threat of a cyberattack, mainly if groups do not know best practices for keeping their data safe.

It’s Time for a Changed Mindset

The points above are not the only reasons why nonprofits are often at a higher-than-average risk for being hit by cybercriminals. But, they highlight how nonprofits frequently have assumptions that don’t match what statistics show. Then, those faulty conclusions could leave organizations reeling after hackers orchestrate attacks.

Nonprofit representatives must take action to alter their mindsets and realize that now is the time to focus on cybersecurity throughout organizations. Only then can such groups make substantial progress for keeping hackers at bay.

By Kayla Matthews

Patrick Joggerst

Living on the Edge: The New Real-Time Communications Security Risks

Real-time communications Security Risks As more and more people have been forced to work remotely due to the global public health crisis, collaboration platforms have unexpectedly saved the day for millions of businesses and allowed ...
Juan Pablo Perez Etchegoyen

69% of Enterprises are Moving Mission-Critical Information to the Cloud

Why Security matters According to a research study by the Cloud Security Alliance (CSA), 69% of enterprises are moving mission-critical information to the cloud. These migrations are massively complex and take meticulous planning to ensure ...
Torsten

Five Ways to Secure Access to Web Workloads

Secure Access to Cloud Workloads Organizations are increasingly moving their workloads to the cloud to achieve greater agility, flexibility, and cost savings. That’s a major reason why worldwide spending on public cloud services and infrastructure ...
Kayla Matthews

Here’s How AI Startups Are Doing

AI Startup Growth Now that artificial intelligence (AI) is part of the mainstream, companies are rapidly investigating what they can do to develop new AI technologies that will make society better and translate to substantial ...
Martin Mendelsohn

New Executive Roles in the Post-Corona Era

Executive Roles in the Post-Corona Era As the global economy shows early signs of reviving from past months of rigormortis, forward-looking companies will be busy preparing for the next pandemic. What this means for technology ...
DivvyCloud Podcast

Episode 7: Haste Makes Waste: The Dangers of Rushing to the Cloud

Dangers of Rushing to the Cloud The pressure to accelerate your company’s plans to move to the public cloud is substantial. But it should never be taken lightly. It’s a democratized world far away from ...