Why Nonprofits and Associations Are at a Higher Risk of Cyber-Attacks

Publication date: Jun 25, 2020

Last Published: Aug 18, 2020


Just like all other organizations today, nonprofits and associations rely increasingly on digital technology to accomplish their mission and provide services and benefits to their members.

But unlike many other organizations, nonprofits and associations often fail to realize that there are many serious risks associated with operating online—risks that could severely compromise their ability to provide services and even force them to shut their doors.

The gap between the cybersecurity risks that nonprofits and associations face today and the actions required to address them invites opportunistic cybercriminals with no conscience.

Nonprofits and Associations Don’t Fly Under the Radar

Many nonprofits and associations still believe that cybersecurity concerns only for-profit organizations with deep pockets, but that’s simply not the case anymore, and there have been many high-profile cybersecurity incidents in the last few years alone that support this claim:

  • 2014 – The Texas chapter of The Girl Scouts announced on its Facebook page that its website had been hacked and defaced.
  • 2015 – More than 10,000 people who donated to Utah Food Bank lost their personal information after the organization’s website was hacked.
  • 2016 – The Urban Institute’s National Center for Charitable Statistics became the victim of a cyber-attack that compromised 600–700 organizations.
  • 2017 – A hacker successfully launched a phishing attack on the Save the Children fund, scamming it out of nearly $1 million by posing as a staff member.

In general, cybercriminals target nonprofits and associations because they want to steal money from them, obtain sensitive information about their members and donors, or get their hands on their mailing lists to bombard those who are on them with phishing attempts and other unwanted email messages.

In some cases, cybercriminals target a nonprofit or association because they oppose its advocacy or mission and want to make it as difficult as possible for it to operate.

Regardless of their motives, cybercriminals can easily research their targets because nonprofits and associations publish their tax filings, staff names, emails, and other potentially exploitable information online.

Lack of Investment in Cybersecurity

Because so many nonprofits and associations wrongly believe that they fly under the radar of cybercriminals, they don’t invest nearly as much money in their cybersecurity defenses and policies as they should.

A survey of 470 nonprofit executives conducted in 2016 by the US-based accounting company CohnReznick revealed that only 29 percent were planning to increase their spending on cybersecurity measures, which is an abysmally low number considering that the cost of a data breach has risen 12 percent over the past 5 years.

As if that wasn’t bad enough, NTEN’s State of Nonprofit Cybersecurity report states that only 20.5 percent of nonprofits have documented policies and procedures in case of a cyberattack. The remaining nonprofits either don’t have any policies and procedures at all or are not sure if they have them.

It’s understandable why cash-strapped nonprofits might be reluctant to increase their cybersecurity budgets, but ignoring cybersecurity threats can only cause financial burdens down the road since it’s always more expensive to recover from a cyberattack than it is to prevent it from happening in the first place.

It’s Time for Nonprofits and Associations to Change Their Mindset

Nonprofits and associations must realize that cybersecurity concerns them as much as it concerns some of the largest corporations in the world and change their mindset accordingly.

Even with their limited budgets, there are certain steps they can take right now to make life just a bit harder for cybercriminals:

  • Keep software updated: Outdated software allows cybercriminals to exploit known vulnerabilities and slip past cybersecurity defenses. Frequent software updates can paradoxically minimize the downtime associated with them since things are less likely to break with smaller, incremental updates.
  • Create strong passwords: Employees must be trained to use unique passwords and avoid password reuse. A password manager app can help achieve this goal, and it also enables secure password sharing between employees.
  • Restrict privileges: There’s absolutely no reason to give regular employees—let alone temporary volunteers—administrative privileges and allow them to make changes to critical systems.
  • Train employees: Employees should be taught to recognize phishing emails and avoid malicious websites. It’s best to demonstrate the tactics and techniques used by cybercriminals with real-world examples and mock attacks.
  • Outsource cybersecurity: Nonprofits and associations with a small or non-existent IT department should consider outsourcing their cybersecurity to experts instead of burdening their team with even more responsibilities.

Conclusion

Nonprofits and associations provide some of the most vital services despite operating on limited budgets. Because they often believe that cybercriminals don’t see them as lucrative targets, they don’t invest nearly as much money in cybersecurity as they should to defend themselves against dangerous cyber threats. Unfortunately, this mindset doesn’t correspond with reality, and all nonprofits and associations should change it as soon as possible to avoid a potentially disastrous cyberattack.
