Not-for-profit associations and organizations are no longer just collateral damage in the cybersecurity wars. They are increasingly becoming the intended targets.
Along with small businesses, not-for-profits have several vulnerabilities that make them extremely attractive primary targets for hackers. These vulnerabilities also make not-for-profits an unwitting stepping stone to bigger phish.
Four factors, common to most not-for-profits, put them significantly at risk:
Volunteers are the lifeblood of not-for-profits, the engine that makes them work. But they are also a significant risk. Issues range from the fear of alienating volunteers with onerous security requirements and procedures to going outside of protected systems and providing information in unprotected formats for volunteers to work on. The problem is less about the volunteers themselves than the way not-for-profits think volunteers will react.
2) Lack of Funding
Traditionally, not-for-profits are understaffed, utilizing volunteers instead of paid professional staff. They do not spend sufficiently on technology infrastructure, nor have the professional IT support to implement and maintain best practices for security.
Coupled with lax security, not-for-profits have a lot of sensitive information about their constituents that go well beyond a credit card number. User names, email addresses, home addresses, donation history, and passwords can all be used by hackers who meticulously gather and share information to build profiles of potential targets.
4) Because You’re There
Sean Parker, founding president of Facebook, has said: “We (hackers) hack systems that can be hacked and leave the rest. This is core to the hacker mentality.” Hackers frequently will find a vulnerable system and drop malware or programming there with no larger plan -- other than maybe activating it later. It could be taking over a website, redirecting website traffic, or turning an infected computer into a bot to participate in a larger attack on a bigger system. Not-for-profits are very vulnerable to these kinds of hacks.
Stay tuned for upcoming articles which will focus on how to address issues that put non-profit associations and organizations at particular risk.
This article was written by proLearning innovations. proLearning can help prevent your association from becoming a victim of cyber criminals. Contact them at 647-847-1853 to learn more about their security policy templates and their online IT Security Training Program for Employees and Volunteers.
The CSAE BoardREADY Card Deck has some suggestions that can help Boards and directors in the position to be concerned about the risk of hackers.
First off, what are the organization's legal responsibilities to protect itself, its members, and any data it compiles? What are the costs associated with liability in the event of a hack compared to preventative measures made against hacking? Is the organization looking far enough into the future to not only identify and understand the current threats to its integrity but also how those threats and new ones will develop as time goes on and technology changes?
Click a Card to See its Content