Recent estimates project that the global cost of damages done by cybercrime would amount to six trillion dollars by 2025. That’s a staggering number, but does this really put nonprofit organizations at risk? A recent study indicates that about 50% of nonprofit organizations surveyed had been the target of a recent cyberattack.
But why would they even be a target? Nonprofits aren’t Fortune 500 organizations with billions in the bank. There is a preconceived notion that cybercriminals are only after organizations with deep pockets, but the reality couldn’t be further from this. Cybercriminals are targeting organizations of all sizes and across every industry.
Why Do Cybercriminals Go After Nonprofits?
There are a couple of reasons that cybercriminals would target a nonprofit organization.
- Data. Although breaching a nonprofit organization is probably not going to yield cash for criminals, it does offer something just as lucrative—data, specifically financial data and donor information. Data can be sold or leveraged for financial gain.
- Insufficient security. Nonprofits may be easier to target because of a lack of security. The same study mentioned above found that about half of the organizations did not have a formal security team prepared to protect them from cyberattacks.
Examples of Prominent Cyberattacks
Cyberattacks on nonprofits are not just a threat; they are a reality. Here are some well-known recent examples.
- In 2015, The American Museum of Natural History in New York was subject to an email phishing scam that resulted in an erroneous three million dollar wire transfer.
- Attackers fraudulently solicited donations on behalf of The Harry and Jeanette Weinberg Foundation in June 2018.
- Blackbaud, a social enterprise cloud services company, was breached in a ransomware attack in February 2020. Important personal information and financial data were leaked.
Assess Your Cybersecurity Vulnerabilities
Understanding where your nonprofit organization has cybersecurity gaps is the first step in improving your security posture. Studies have shown that upwards of 70% of nonprofit organizations have not completed a vulnerability assessment. With the real threat of cyberattacks, nonprofits need to ensure they don’t have any exposure or weaknesses.
While many nonprofits don’t have a team of cybersecurity experts on staff, taking advantage of security advisory services is a great way organizations can ensure they are protected against future cybercrime.
How to Reduce Risk
There is a lot you can do to protect your nonprofit organization from cybercrime. Being proactive will likely reduce any vulnerabilities.
- Keep software up-to-date
- Document a plan for responding to incidents of cybercrime
- Control access to delicate information
- Protect user accounts
- Exercise caution in processing requests
Besides the steps you can take to reduce threats to your nonprofit organization, the professionals at TPx can provide you with IT management and cybersecurity services to help you meet the modern challenges of keeping your data and clients safe from cyberattacks. Contact us today to see how we can help.