Nonprofits & Cybersecurity: The Rising Risk of Attack


Cybersecurity is becoming a serious issue for nonprofits. Learn why everyone is at risk and how to put effective defenses in place before it’s too late.

Nonprofits and Cybersecurity: Why Mission-Driven Organizations are at Increased Risk of Attack

Nonprofits are not immune to cyber attacks. On the contrary, they are at greater risk than ever before. The likelihood of being attacked has never been higher. Neither have the odds that the attack will cause devastating consequences.

The FBI saw a 400% increase in reported cyber attacks during the COVID-19 pandemic as hackers took advantage of a chaotic situation to catch victims off guard. Countless companies fell victim. But so did hospitals, schools, emergency responders, and many mission-driven organizations too. The recent spike in cyber crime is notable for both the aggressive nature of the attacks and the unsparing selection of targets. Anyone and everyone is now a potential victim, including mission-driven organizations of every shape and size. And it’s only a matter of time before an attack arrives.

That’s alarming for any organization, but especially for nonprofits. Cybersecurity often suffers at organizations with limited funding, tight budgets, and slim IT resources. There’s simply not enough time or money to address this issue among so many others. Nonprofits could justify that logic in an earlier era when they faced little risk of attack. But not any longer. Any mission-driven organization that doesn’t make nonprofit data security a top priority is only flirting with disaster.

The Evolution of Cyber Attacks

While the frequency of cyber attacks has increased, so has the sophistication and devastation. The rise of ransomware is the best example. With this type of attack, hackers gain access to IT and then encrypt data and applications so that users can’t access them. The hackers demand a ransom to unencrypt everything. And since most organizations can’t function without tech, ransomware victims have a strong incentive to pay for a return to normal.

Ransom demands can range from a few thousand dollars to eight figures. Hackers may also double-down on their demands by copying data and threatening to release sensitive details without payment. The financial fallout of ransomware can put a huge hole in a nonprofit’s finances, which comes on top of the damage the attack did to operations while IT was offline.

To illustrate the havoc that ransomware creates, consider what happened to the City of Atlanta after it fell victim to ransomware. Officials refused to pay a $51,000 ransom demand, following guidance from almost all law enforcement agencies advising against payment. To ultimately recover from the attack and get all IT restored, however, cost the city more than $2.6 million for technical, legal, and PR assistance.

Nonprofits need to prevent ransomware attacks at all costs, along with all other cyber attacks for that matter. The risks are far too high to ignore cybersecurity any longer.

Best Practices for Nonprofit Cybersecurity

Nonprofits face an uphill climb in terms of cybersecurity. They have fewer resources to spend on the problem, and they often rely on older technologies that are a bigger liability. That’s the bad news for nonprofits ready to get serious about stopping cyber attacks.

The good news is that some of the most effective defenses are also the least expensive. Commitment and consistency matter more than spending when it comes to cybersecurity – just look at how many massive companies fall victim to attacks. Use these strategies for low-cost, high-impact nonprofit cybersecurity:

  • Educate Everyone – People can be the biggest weakness or the best defense. Help employees and volunteers (anyone who interacts with IT) shut down attacks by training them about what to look for and how to act. The Nonprofit Technology Enterprise Network (NTEN) offers lots of valuable, free resources to nonprofits getting serious about cybersecurity.
  • Stay Updated – Hackers use social engineering techniques to manipulate people into enabling attacks. Stay updated about the techniques hackers are currently using, and keep everyone else updated as well. It only takes one person to spot a red flag and prevent a major attack.
  • Improve Password Security – Weak passwords are like unlocked doors for hackers. Use policies to ensure everyone relies on strong passwords, then add a second-layer of protection by requiring multi-factor authentication wherever possible.
  • Install Antivirus – A cheap or even free antivirus program installed on every computer puts one more obstacle between hackers and IT. Be sure to install updates as soon as they are released so that the antivirus can identify and stop the latest threats to nonprofit data security.
  • Filter Spam – A large number of attacks originate in the email inbox. Filtering out spam and scanning incoming messages for viruses can keep malicious emails away from users and help to declutter the inbox at the same time.
  • Use a Firewall – This is another inexpensive or free tool that protects more than it costs. And just like antivirus software, it’s important to keep a firewall updated to defend against emerging threats and protect new IT components.
  • Move to the Cloud – Cloud solutions tend to be more secure and easier to manage since cloud providers handle the heavy lifting. Consider migrating existing solutions to the cloud, and choose future solutions based on whether they make security stronger or weaker. Cybersecurity should factor into every IT decision from here out.

Best Practices for Nonprofit Cybersecurity

The months ahead were busy enough before cybersecurity became an urgent priority. Stay focused on the mission while leaving it up to experts to assess your risk exposure and protection level. JMT Consulting has worked with nonprofits for almost as long as cyber attacks have existed. We can use that experience and hard-earned expertise to recommend a new nonprofit cybersecurity strategy built around cloud technology, smart policies, and well-trained users. Explore what works for your nonprofit – contact JMT Consulting.