Non Profits

Adversaries opposed to the mission of nonprofits may seek to attack a nonprofit’s system, either to disrupt the nonprofit’s operations or gain information to target the nonprofit’s client or volunteer base.

Frequently Asked Questions

  • Do Nonprofits need Cybersecurity?

    Yes. Nonprofits normally store sensitive information that attackers find desirable, and they can also be seen as an easy entry point to larger nonprofits or government entities.

  • Why can nonprofits be attacked?

    Because many nonprofits store personally identifiable information (PII), including full names, addresses, social security numbers, medical information, driver’s license numbers, email addresses, and more, their IT systems are a target-rich environment.

  • What are the risks of a Data Breach?

    Many nonprofits collect and store sensitive personal information that is protected by law as confidential. When there is a breach of the confidentiality of those data, that poses a risk for the individuals whose data was disclosed, AND for the nonprofit that will now potentially be subject to liability for the breach.

  • What should nonprofits do?

    It makes sense for EVERY nonprofit to - at a minimum - assess the risks of a data security breach, and protect its data from unauthorized disclosure.

  • What cybersecurity steps can a nonprofit take?

    First Step | Risk assessment: The first step in assessing your nonprofit’s data risks is to take inventory of all the data your nonprofit collects and identify where it is stored.

    Second Step | Are the data your nonprofit maintains "protected" or "confidential"?: Second, know whether the data your nonprofit collects and maintains is covered by federal or state regulations as “personally identifiable information.” If so, forty-seven states’ laws require nonprofits to inform persons whose “personally identifiable information” is disclosed in a security breach, and 31 states have laws that require the disposal of such data in certain ways. Additionally, the Federal Trade Commission's Disposal Rule also requires proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” Protecting personally identifiable information is all about training staff on how to collect/store/dispose of and generally protect this data.

    Third Step | Drill down on the actual risks: Third, consider using the US National Institute of Standards and Technology (NIST) Cybersecurity Framework to help your nonprofit identify risks, and make management decisions to mitigate those risks. This framework is not intended to be a one-size-fits-all approach but to allow organizations to manage cybersecurity risks in a cost-effective way, based on their own environment and needs.

  • How likely is it that hackers will take over your nonprofit’s website?

    That depends on the strength of the security of individual nonprofits’ websites and how consistently users follow strong password protocols.

  • How serious are the risks of a site takeover?

    Typically, the main website remains intact, but the hackers create additional content that can’t be good for your nonprofit’s reputation – or Google analytics. So, on balance, a site takeover does not create the same type of liability risks that other security breaches do, but cleaning up the mess can be time consuming and costly.

  • Is Cyber Liability Insurance needed?

    Insurance policies are available to cover losses from breaches affecting a nonprofit’s own information and losses affecting third parties’ information (such as patients/clients, and donors). The types of losses/expenses that cyber insurance can cover range from the cost of notifying all the folks whose information may have been compromised; to the cost of content repair, such as repair to a hacked website; to the cost of hiring a PR whiz to help your nonprofit recover its reputation after a severe security breach. There are even some policies that address business interruption in the event a cybersecurity breach is so severe that it forces the nonprofit to temporarily suspend operations.

  • What steps should a nonprofit take before deciding whether to purchase cyber-liability insurance?

    (1) Understand how a breach of privacy claim could affect your nonprofit

    (2) Work with a knowledgeable insurance agent or broker who not only understands how different cyber liability policies differ in their coverage, but also understands your nonprofit’s operations and activities well enough that s/he can break down your nonprofit’s exposures with you. Choosing insurance products should be a collaborative effort with your nonprofit’s broker/agent

    (3) As with all insurance, take a hard look at the cost of the annual premium.

  • Most Common Risks Associated with the Business of Charity

    Risk #1: Online Donations

    While technology has made it much easier for nonprofits and charitable organizations to accept donations online, it has also made it that much simpler for a digital pickpocket to steal from the organization.

    While payment is easy for the customer, having an unsecured website could mean leaving an open avenue for a cyberattack.

    Risk #2: Phishing Scams and Ransomware

    Communicating with donors, partner organizations, and clients is a simple process today. Automated emails and newsletters keep interested parties aware of what's going on in the organization. But as you're responding to emails, you could be putting the organization at risk. Clicking a bad link, downloading a seemingly safe Word, Excel, or PowerPoint file, or even just opening a PDF file could put your hard-won funds at risk.

    Cybercriminals use phishing emails, a type of social engineering scam, in an attempt to obtain sensitive information. They may also install ransomware, or ransom malware, on a nonprofit's computer system, blocking access until they receive a sum of money or another action has been completed.

    Risk #3: Volunteers

    Volunteers share their time for many reasons, from being a surviving family member to wanting to give back to the local community. And while many volunteers have good intentions, there are a few that may volunteer their time to gain access to your data stores. Training time is short, onboarding is an on-the-job process, and the bad guys can sometimes slip through the cracks, leaving your organization at risk for a cyberattack.

    BOOKS

    IT (Information Technology) is a necessary part of your business, and it can be a rather complex subject that most managers and owners don’t wish to deal with. But it doesn’t have to be so difficult! In this concise and easy-to-read book, the author provides seven simple strategies small businesses and non-profits can...

    COURSES & EDUCATION

    In this webinar, Community IT Innovators’ Cybersecurity expert Matt Eshleman walks you through a typical staff training, explaining what must be included, how to approach building a team ethos, and how often to update/mandate your training and work with HR.

    DEFINITIONS

    Data Extraction Attack – Definition

    Occurs when a bad actor executes a SQL query against the database via input data sent from the client to the server. If successful, the attacker can read all information stored in the organization’s database, modify the information in any way, and even completely delete the database.
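
The definition above, as an added example that is not part of the original page: a Python `sqlite3` lookup that builds its SQL from client input, next to the parameterized form that prevents the data extraction. The `donors` table, its rows, the crafted input and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory donor table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE donors (id INTEGER PRIMARY KEY, email TEXT, ssn TEXT)")
    db.executemany(
        "INSERT INTO donors (email, ssn) VALUES (?, ?)",
        [("ana@example.org", "000-00-0001"),
         ("ben@example.org", "000-00-0002"),
         ("cy@example.org", "000-00-0003")],
    )
    return db


def lookup_unsafe(db, email):
    """Vulnerable: client input is concatenated into the SQL text,
    so quote characters in the input change the query itself."""
    query = "SELECT email, ssn FROM donors WHERE email = '" + email + "'"
    return db.execute(query).fetchall()


def lookup_safe(db, email):
    """Hardened: the driver binds the input as a value, never as SQL."""
    return db.execute(
        "SELECT email, ssn FROM donors WHERE email = ?", (email,)
    ).fetchall()


def demo():
    """Compare both lookups on a normal and a crafted input."""
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that closes the string literal
    return {
        "normal_unsafe": len(lookup_unsafe(db, "ana@example.org")),
        "crafted_unsafe": len(lookup_unsafe(db, crafted)),  # every row leaks
        "crafted_safe": len(lookup_safe(db, crafted)),      # no email matches
    }


if __name__ == "__main__":
    print(demo())
```

When reviewing a donation or volunteer sign-up form, any query assembled by string concatenation or formatting with request data is the pattern to replace with bound parameters.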

    TOOLS

    AccountGuard helps organizations protect sensitive data and build trust by providing unified threat detection and notification across organizational and associated personal accounts in the event of a nation-state attack or compromise.
