Nonprofit companies are a popular target for cyberattacks. Challenges with staffing, unoptimized workflows, and weak internal controls, provide opportune opportunities for cyberattacks. As these attacks increase in number, there are several steps your organization can take to safeguard from becoming the victim.
According to Accenture’s 2021 State of Cybersecurity Survey, the average business faced 270 cyberattacks throughout the year, a 31% year-over-year increase from 2020. Concerning the rise in attacks, spending on cybersecurity has also increased. From 2020 to 2021, 82% of companies have increased their cybersecurity spending to prevent future episodes.
“Cybercriminals are starting to realize that nonprofits and NGOs are a fantastic market,” says Adrien Ogée, chief operating officer of the CyberPeace Institute, to Philanthropy.
Attacks can cost your organization millions, and your company may not have the budget to significantly increase investments into its cybersecurity spending. According to IBM, in 2021, the average cost of a data breach was $4.24 million, the highest average on record. So what are you to do?
Start With Your Employees
According to the World Economic Forum, 95% of data breaches are caused by human error. To combat this, your organization should take a series of steps to ensure your employees are always aware of the potential for crime.
Follow these tips to teach your employees about cybersecurity:
- Regularly talk to employees, including management and IT staff, about cybersecurity
- Have consistent training sessions that explore different cyberattack situations and ploys that bait employees into giving away information
- Include cybersecurity in employee onboarding sessions, and change the format of the classes to keep them educational
- Provide ongoing cybersecurity training
- Ensure your employees are mindful of sites they’re using at work, the links they click, and are careful when receiving communications from unknown parties
- Phishing scams where cybercriminals pose as members of an organization are becoming increasingly popular. Never give out your password to anyone over the web, and always double-check in person if the request is coming from someone in upper management.
- Train employees to recognize an attack or identify suspicious activity, and appoint a person in your organization for employees to notify in the event of an attack
- According to the Association of Certified Fraud Examiners’ 2020 Report to the Nations, 43% of fraud schemes were detected after an employee tip
- Test your employees on their cybersecurity knowledge to ensure they are current and up to date on the latest schemes
- When it comes to financial matters, establish a process to handle finance requests that has both in-person and digital approval workflows. Include proper communication steps, and double check with who is making the request to maintain a check-and-balance system.
- Ensure your organization’s financial platforms have internal controls to ensure appropriate parties access financial information at the right times.
Developing a cybersecurity policy and integrating best prevention practices into the organizational culture is the first step to preventing cyberattacks. The next step is to examine your organization’s tech stack and ensure your vendors are taking steps to protect your organization from cyberattacks.
Making a Strong Investment
As you look to make an investment, don’t let technical jargon cloud your decision to invest. Tech platforms that proactively approach cybersecurity make it easier for your organization to keep your information secure. Using cloud-based software opens the opportunity to increase information security, realize more efficient scalability, and find ways to optimize technology spend against the features provided.
Platforms that provide cloud environments have layers of security that help reduce the incidence of fraud overall. Examples of these security layers include limited user access and permissions, encrypted data and communications, and industry trade group-endorsed compliance standards. Utilizing a vendor that employs high-level safeguards and has strong built-in internal controls when meeting compliance regulations for data security and proprietary information will help.
If your organization has software that processes transactions, your vendors should use 2048‐bit RSA SSL encryption technology to protect and authenticate data transactions. Users can set their credentials with specific access to your data, depending on their security access.
Cloud-based platforms offer endless potential and potential cost savings, but you must ensure your company chooses the right platforms to invest in. Ask your technology partners these questions:
- Do your products offer a cloud version?
- What sort of security compliance does your company employ?
- How does your software keep my organization’s data safe?
- Does the software have internal controls to limit who can access data and when?
- Is your software regularly updated to patch bugs and close potential loopholes?
If the answer to those questions doesn’t match your organization’s cybersecurity policy, it’s time to find a different technology provider.
Just like you audit your finances annually, your organization must regularly audit its cybersecurity. Whether that means having robust employee training or contracting with technology vendors that secure your organization’s information, the days of simply hoping it won’t happen to your organization are behind us. Prepare today, benefit today, tomorrow, and always.
Neil Taurins is the General Manager of Nonprofit Solutions at MIP Fund Accounting®. He has been with the company for more than 12 years and is passionate about working with nonprofits to provide them with solutions to improve efficiency and better help them accomplish their mission.