Not-For-Profits: Cybersecurity & Risk Considerations

A not-for-profit organization’s ability to defend itself against the onslaught of cybersecurity risks is a daunting challenge in the best of times, but the ongoing pandemic has made this situation exponentially worse. A perfect storm has arrived, combining a lack of funds needed for security expenditures with some employees having to work from vulnerable home offices, all while cyber criminals ratchet up their activity, looking to sow profit from the chaos. Below are some of the nefarious cyber-criminal activity that has occurred since the pandemic began:

• An 800% spike in ransomware attacks
• Thousands of fake website purporting to be Paycheck Protection Program or COVID related
• Blackbaud, a U.S. based cloud computing provider and one of the world's largest providers of education administration, fundraising, and financial management software, notified users that it had suffered a ransomware attack
• Cybersecurity officials from the U.S., U.K., and Canada issued a warning about a hacker collective targeting U.S., U.K., and Canadian vaccine research and development organizations
• A 600% increase in spear phishing attacks

While maintaining strong cybersecurity defenses may seem overwhelming during COVID, there are basic questions every organization should be asking to ensure their data remains safe and secure:

• Have you completed a cyber-risk assessment to identify any vulnerabilities that threaten your organization?
• Do you provide cybersecurity awareness training to your employees that reflects new COVID-related threats?
• Has your cybersecurity awareness been supplemented training with simulated spear phishing tests to gauge which employees are susceptible to an actual attack?
• Have you reviewed third-party agreements to ensure that provisions for data protection are outlined and obligations are clearly delineated?
• Is your Information Technology (IT) department monitoring the increased number of remote connections to identify any suspicious activity?
• Have your employees updated their home routers, laptops, and other computer equipment to ensure they have the latest and most secure patches installed?

Unfortunately, many not-for-profit organizations don’t have the resources or personnel needed to identify and combat these threats. Although most organizations would identify the likelihood of data breaches and resulting impact to their organization to be seriously harmful and a high-priority risk, the ability to take the necessary steps to mitigate such damage can be a daunting task. An affordable, and more importantly scalable, cybersecurity assessment can assess the key facets of your not-for-profit’s IT environment to help pinpoint the multitude of potential risks that threaten the organization, while also providing strategic guidance on how to address them. Citrin Cooperman’s proprietary Security, Compliance, and Operations Risk Evaluation Report (SCORE Report) is one of the many tools that can be tailored to meet your organization’s unique situation and provide a high level and cost-effective assessment.  

We Are Here to Help
As data privacy breaches and acts of cyber terrorism continue to grow in complexity and prevalence, not-for-profit cybersecurity controls and contingency plans must keep pace. Citrin Cooperman’s wide array of cybersecurity services, including a SCORE Report, can help your not-for-profit stay safe from cyber-attacks and avoid becoming that next data breach headline. Please reach out to your dedicated Citrin Cooperman Not-for-Profit Practice team at any time, as we are ready and able to assist you and your organization.