Cyberattacks are here to stay and ransomware demands to organizations are unfortunately skyrocketing. Nonprofit boards need to know the essentials of how to protect data and their board members against cyberattacks.
Nonprofits rely heavily on mobile and digital technologies to manage and fulfill their missions. Collecting and managing data has always been an essential part of delivering nonprofit services and activities, but the last decade has seen an increased reliance on technology to facilitate. The downside of the reliance on technology adds a new vulnerability – the risk of cyberattacks.
Here’s how governance technology can help tackle this key risk area for your organization.
Cyberattacks are on the Rise
Cybersecurity incidents have risen dramatically over the last few years. Sadly, the truth is that nonprofit organizations are among targeted groups for cyberattacks, because defenses can be easily breached allowing access to sensitive data.
NGOs and nonprofits raise over $30 billion each year, receiving funds from around the world. They often don’t have the necessary security measures in place, making them attractive to hackers. Only 1 in 10 organizations trains its staff regularly on cybersecurity, 3 out of 4 do not monitor their networks and 4 out of 5 do not have any cybersecurity plan.
If your nonprofit is collecting and storing personal information about individuals who are vulnerable or at-risk, then that data is also attractive to cybercriminals. They are interested in using identity information for fraud, therefore any personal information stored that can be accessed is vulnerable.
Hackers also make a lot of money from ransoms paid after data breaches. In addition to the cost of paying for ransoms, the huge amount of time spent dealing with the breach and aftermath can have a heavy impact on the board and nonprofit management. All that time has a cost and also takes away from the day-to-day business of running the nonprofit, as well as from progressing other much needed projects.
The Facts are Stark
In 2021, more than 50% of NGOs reported being targeted by a cyberattack according to the CyberPeace Institute.
Recent prominent incidents include an attack on the servers of the International Committee of the Red Cross, which took place in September 2022. It compromised personal data and confidential information of over 500,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster as well as missing persons and their families, and people in detention.
The costs of the attacks don’t just include the ransom itself, there are data recovery costs, the cost of down time, increased insurance costs, and even fines from regulatory bodies following data protection breaches.
“Cybersecurity and data protection is one of the most pressing issues not just for the CIO, but for executive teams and organizations boards. The problem is many have not realized that yet. We welcome any and all input in this space.” – Feedback to Microsoft survey
Other Issues from Cyber Incidents Affecting Nonprofits
Ransomware isn’t the only issue. A range of cyber incidents from data breaches to takeover of websites can plague nonprofits. Consequences are significant and costly, including:
- Disruption in ability to carry out activities
- Access to data held on donors and clients
- Identity theft
- Reputation harm/loss
- Precious funds have to be used to recover data
- Spreading of politically motivated messages or malicious information
- Holding the organization to scrutiny because of identified vulnerabilities in its cybersecurity
Statista reports that the average length of interruption after ransomware attacks on organizations in the United States was 22 days.
As a company firmly committed to modern governance, we understand the substantial disruption that the challenges of a major crisis can present for governing bodies. To help governance leaders prepare for future crises, we’ve put together a Crisis Management Toolkit with core considerations and guidelines, tips and best practices to implement immediately. Download your copy now!
Why Nonprofit Boards are Vulnerable
If nonprofits’ attractiveness to cybercriminals weren’t enough, nonprofit boards are also among the least prepared groups when it comes to cybersecurity. According to the 2021 Cybersecurity Guide for Nonprofit Organizations, although cybercriminals attempt to access government and nonprofit databases every 39 seconds, up to 70% of charity networks lack a comprehensive vulnerability assessment to determine risk.
The 2022 Ponemon Institute Report “The State of Cybersecurity and Third-Party Remote Access Risk” found that many cyberattacks occur due to unchecked access to third parties. In addition, nonprofit boards often don’t have appropriate security resources, practices, or knowledge to ward off cyberattacks.
This highlights a large gap in infrastructure and operation of nonprofit boards. Nonprofits that don’t prepare for and mitigate against cyber-attacks risk not only the loss of sensitive client and donor data but also possible legal action against the organization.
Using Governance Technology Helps Nonprofit Boards Establish a Sound Cybersecurity Framework
Using governance technology helps boards protect sensitive client and donor data, as well as prevent, mitigate, and respond to cybersecurity threats.
Governance technology brings in a sound cybersecurity framework that provides:
- Controls to limit 3rd party access
- User-based permissions to protect sensitive information
- Robust data encryption to secure board communication
- Allows new board members to get up to speed quickly on cybersecurity policies
Community members look to nonprofit boards for leadership in the event of a cyber emergency. The board needs to have a clear vision of who-does-what after a breach.
Microsoft’s Nonprofit Guidelines for Cybersecurity and Privacy identifies key cybersecurity and data protection challenges for nonprofits, and outlines possible first steps nonprofits can take to bolster cybersecurity and protect data.
Operating robust cybersecurity and cybersafety practices will allow nonprofits to protect their board, their nonprofit community members and keep their clients safe as they support them.
BoardEffect board management system is an all-in-one platform that contains all the tools your nonprofit board needs to conduct board meetings and share sensitive files and messages at any time. The BoardEffect portal offers built-in state-of-the-art security so there’s no concern over cybercriminals hacking into your board business. It’s a highly effective tool for managing all your board activities and processes, and it’s an easy thing to take off your plate so you can focus on the overall security of your organization.