Non-profit and charitable organisations are facing an increase in cyber security challenges. Often with limited resources and a wealth of sensitive data, nonprofits have become prime targets for cybercriminals.
Past Cyber Attacks
In October 2023, the British Library experienced a ransomware attack that shut down its computer, phone and WiFi systems for almost a month. After the Library refused to pay the ransom, hundreds of files were released onto the dark web. Now, almost a year on, the Library has revealed its plans for cyber resilience going forward.
The National Trust also fell victim to a ransomware attack that disrupted their operations. Thankfully no data was stolen but the attack caused significant operational challenges and highlighted the vulnerabilities in their cyber defences.
These incidents underscore the importance of charities maintaining robust cyber security practices on a continual basis. Regular training, strong passwords, multi-factor authentication, and regular software updates can all help support this effort and mitigate the risks.
Common Entry Points for Cyber Attacks
By taking proactive steps, nonprofits can easily protect their valuable data and maintain the trust of their supporters. Attacks are not always that sophisticated. Attackers will often exploit several common entry points in charity systems that can easily be addressed.
Some of the most frequently used are:
- Phishing Emails: Deceptive emails designed to trick recipients into revealing sensitive information or downloading malicious software. They often appear to come from trusted sources.
- Weak Passwords: Still a common problem, with simple or reused passwords making it easier for attackers to gain unauthorised access to accounts and systems.
- Unpatched Software: Outdated software may contain vulnerabilities that attackers exploit. Regular updates and patches are crucial to close these security gaps.
By addressing these vulnerabilities through comprehensive security policies, regular training, and robust technical measures, charities can significantly reduce their risk of cyber-attacks.
Cybersecurity Success Stories
Some of the more successful breach prevention strategies that various organisations, including charities, have implemented are:
- Regular Security Training: One charity implemented quarterly cyber security training sessions for all staff and volunteers. This training included recognising phishing attempts, safe internet practices, and proper data handling procedures. As a result, they saw a significant decrease in successful phishing attacks.
- Multi-Factor Authentication (MFA): A non-profit organisation adopted MFA for all their online accounts and systems. This added layer of security required users to provide two or more verification factors to gain access, drastically reducing unauthorised access incidents.
- Regular Software Updates and Patching: Another charity established a strict policy for regular software updates and patching. By ensuring all systems and applications were up to date, they minimised vulnerabilities that could be exploited by attackers.
- Data Encryption: A large non-profit encrypted all sensitive data, both in transit and at rest. This meant that even if data was intercepted or accessed without authorisation, it would be unreadable without the proper decryption keys.
- Incident Response Plan: One organisation developed a comprehensive incident response plan, including regular drills and updates. This plan ensured that in the event of a breach, they could quickly contain and mitigate the impact, reducing downtime and data loss.
- Third-Party Vendor Assessments: A charity conducted thorough security assessments of all third-party vendors before engaging with them. This included reviewing their security policies, practices, and past incidents to ensure they met the charity’s security standards.
Implementing these strategies can significantly enhance an organisation’s cyber security posture and help prevent breaches.
Want to find out how well prepared your organisation is against cyber-attacks and where your vulnerabilities are?