Non-profits are caught in a bit of a cyber security loop. You have fewer resources to commit to your security, and this vulnerability makes you a more desirable target for criminals. Non-profits have seen a rise in ransomware attacks. This is where a criminal somehow infects your system with malware. This program encrypts your information, including things like donor information, and demands payment to release the information back to you.
This is an especially unfortunate kind of crime for a non-profit to suffer from because they have likely spent years or decades cultivating their donor list and starting again from scratch is not an option. So, it is important for you to protect your organization. Below are some ideas on how non-profits can avoid ransomware issues.
Educate Employees and Volunteers
You can often prevent malware from being downloaded to your system in the first place by educating employees and volunteers about the common tricks that are used to get them to download them. Simply helping people identify fraudulent emails or teaching them not to plug in unknown USBs to the system can go quite a long way to protecting your information.
Collect Less Data
Making yourself a worse target for ransomware is a smart idea. Rethink any policies that have you collect extremely valuable information such as credit card information, medical information, and social security codes. For example, instead of collecting credit card information yourself, you can use an intermediary payment system. When you have less valuable information you are less valuable to attackers.
Network Updates and Maintenance
You shouldn’t just install and then forget your software–or your hardware. In order to have up-to-date ransomware protection, you need to regularly maintain and update your network and your equipment. Criminals move fast, finding new vulnerabilities in systems. But, providers also keep up, adjusting things to keep them secure. To benefit from those adjustments, you need to have a system that provides regular updates as they are issued.
Push for Grant Changes
The non-profit sector as a whole could be more secure if funding for security was included in grants, even made an expectation in the grant application process. You can make a change across your industry by bringing attention to this opportunity, and helping your fellows understand technology expectations.
Be Aware of Your Unique Challenges
While ransomware is often about making money, sometimes it is about “disrupting things,” according to Craig Newmark, founder of Craig Newmark Philanthropies, as per Dark Reading. You might consider if attackers might want to disrupt your charitable purpose, expose your donors to public scrutiny, or otherwise undermine some aspect of society by attacking you.
Seek Professional Help
Few smaller non-profits have IT people on staff. Your people know more about managing resources, helping people and connecting with donors than they know about cyber security. So, a common first step is to reach out to security firms that can give you specific, actionable ransomware security tips. While generalized tips help, every organization is different and has different vulnerabilities. It’s important to know what yours are.
Kyber Security | CT Cybersecurity Experts
Don’t get caught off guard. See your organization from an attacker’s perspective. Kyber Security can conduct a comprehensive cyber insurance and controls preparedness assessment to evaluate vulnerabilities.
Here’s What You Can Expect From an Assessment:
- Understand your organization’s gaps with core controls associated with cyber liability insurance premiums
- Obtain immediately actionable information for how you can better secure your organization
- Learn how you can improve the overall cybersecurity posture of your organization