Why Nonprofits Might Be at Higher Risk for Cyberattacks

Cyberattacks On Nonprofits

Today’s society is one where any organization operating online is theoretically at risk for cyberattacks.

Such incidents could tarnish reputations, result in profit and data losses and even get so severe that they force the attacked organizations to shut down due to the damage caused. Nonprofit companies are not at a reduced risk of hacks. On the other hand, they may face an elevated risk for numerous reasons.

Nonprofits Are Not Adequately Prepared for Hacks

A 2016 survey found that 66 percent of the nonprofits polled did not plan to increase their data security spending. Moreover, nearly half of the respondents had not assessed their online risk factors in the past year.

Also, nonprofits often don’t adequately gauge the costs of having to temporarily shut down due to cyberattacks. If their websites get taken offline, people can’t find them in Google searches, and individuals may hesitate to donate money after hearing about Vulnerabilities.

Nonprofits may also get caught in the tricky situation of deciding whether to give into hackers’ demands to get their files back in the case of a ransomware attack. If they decide to pay money in hopes of receiving the records, the costs likely cause financial burdens. Or, they may lose time and productivity by restoring lost files.

Nonprofits May Not Feel Compelled to Put Their Funds Towards Cybersecurity

Data from the 2016 NetDiligence Cyber Claims study found the average number of records seized in a nonprofit cyberattack was more than 12,000. That statistic shows if nonprofits believe that hackers will not do significant damage during an attack, or worse, are under the impression that cybercriminals won’t target them, they may face a surprise.

However, many nonprofits are cash-strapped and want to do everything they can to fulfill the missions of their organizations. Such a mindset means cybersecurity may not fit into the equation when they figure out their budgets for the year.

The Nonprofit Finance Fund’s 2018 State of the Nonprofit Sector Survey also revealed only 26 percent of nonprofits achieved break-even financing in 2017. It also showed a growing uncertainty about being able to meet the needs of service users this year. Both of those things suggest nonprofits may not feel encouraged to invest in cybersecurity before it’s too late.

Nonprofits Often Struggle to Meet Human Resource Needs

Nonprofits frequently operate with bare-bones teams, and they may not have on-site IT team members. On a positive note, some vendors that cater to the nonprofit sector offer secure software options that meet needs such as volunteer management. If nonprofits cannot afford to hire full-time IT experts, the next best thing is to keep their software updated and choose vendors that prioritize security.

Outsourcing is another possibility that could fill the void for IT experts at nonprofits. In any case, the lack of staffing means that people often fill many roles. And, if they need to engage in a team effort to recover data or otherwise get back on track after a cyber incident, it’s not difficult to imagine how an already-busy team could get even more swamped during the aftermath.

When Little Red Door, a nonprofit from Indiana, got hacked, one of the people who helped resume operations afterward was going through chemotherapy for breast cancer while assisting with the file recovery process. She kept up a cheerful attitude during the ordeal but personified the hard work involved in coming back from a hack.

Nonprofits Do Not Believe They Have Valuable Data

Another pervasive myth in the nonprofit sector is that nonprofits do not have any information hackers would want. However, consider that since they accept donations, most nonprofits likely have credit card information kept on file. Statistics indicate that credit card information could sell on the Dark web for more than 0.

Also, even if hackers get less-valuable information such as emails, they could bombard their victims with advertising, phishing attempts and other kinds of unwanted emails. The simple but dangerous belief that a nonprofit organization does not have information useful to hackers could raise the threat of a cyberattack, mainly if groups do not know best practices for keeping their data safe.

It’s Time for a Changed Mindset

The points above are not the only reasons why nonprofits are often at a higher-than-average risk for being hit by cybercriminals. But, they highlight how nonprofits frequently have assumptions that don’t match what statistics show. Then, those faulty conclusions could leave organizations reeling after hackers orchestrate attacks.

Nonprofit representatives must take action to alter their mindsets and realize that now is the time to focus on cybersecurity throughout organizations. Only then can such groups make substantial progress for keeping hackers at bay.

By Kayla Matthews

Adam Cole
Mitigating Regulatory Risk Some of the great business opportunities for Unified Communications as a Service (UCaaS) integrators and Value-Added Resellers (VARs) have been the emergence of cloud, telephony and Unified Communications (UC) technologies such as ...
Images Spy
There’s been a lot of focus over the last few months on freedom of speech and censorship online. What began with Alex Jones and David Ike a number of years ago has morphed into bans ...
JK Chelladurai
Maintain telecom tax compliance The Telecommunications industry is one of the most heavily taxed service industries. In countries such as the United States, providers have to keep on top of Federal, State, and District taxes, ...
Gary Bernstein
How IoT Cloud Services Stack Up Against DIY The ever-increasing mass adoption of IoT devices is leading to a consistent rise in the data generated through these devices. Large corporations are cashing on this opportunity ...
Ronald van Loon
There are many exciting advancements made in the field of artificial intelligence (AI), like machine learning at the edge, explainable AI, and adversarial machine learning. This rapid progression of AI is accelerating industry innovations, including ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

Cloud Community Supporters

(ISC)²
Aws
Hp
Ca
Cisco Logo

Cloud community support comes from sponsorship advertising and collaborative network partnership initiatives.

Contact us for more information on how to get involved in our flexibly priced programs!