According to the Symantec 2019 cybersecurity report, cyber-attacks are up 56% over the previous year. Enterprise ransomware, which holds an entire organization’s systems hostage, is up 12%.
Nonprofit organizations are especially vulnerable to attack because most lack dedicated IT staff who plan for and defend against such attacks. A study conducted by CohnReznick found that 70% of nonprofits have not run a vulnerability assessment to discover potential gaps where attacks can occur. 69% of nonprofits surveyed in the same study do not have a cyber-attack response plan. You’re putting your organization, tribe, or government agency at risk by ignoring the threat.
Types of Attacks
Cybersecurity experts categorize attacks as ransomware, malware, trojans, viruses, and DDOS. Each enters the organization’s system in a different way. Ransomware, malware, trojans, and viruses may be picked up by visiting an infected site, downloading infected content, or clicking a link in an email intended to deliver the code necessary to infect the target computer.
DDOS stands for “distributed denial of service.” It’s an attack in which multiple compromised computers simultaneously try to access the target’s website. The resulting flood of traffic disrupts the target’s ability to connect to the internet. New DDOS attacks utilize infected IoT devices as well as networks and computers to launch their assault. The resulting internet “traffic jam” shuts down websites and disrupts work.
Attackers are increasingly building advanced capabilities to target core banking systems, especially financial transaction websites and code. Think of how many times a day you receive payment through a known financial gateway: PayPal, Square, Stripe, and major credit card processors. If even one of these becomes compromised, hackers could access sensitive financial data, including your bank account, checking account, or balance in the system.
Not all attacks against such systems are sophisticated, however. Most are simple. An email appears in the bookkeeper’s inbox, for example, that seems to be an invoice from a vendor using PayPal. He clicks the link and finds he must log in to the system to complete the payment. The login information he just entered is recorded by the criminals for use later, like the combination to the bank’s safe. It’s a standard way by which criminals can access an organization’s financial information.
8 Tips to Protect Against Cyber Threats
If these facts scare you, they should. Countless organizations have been shut down or lost donor loyalty after an attack. Damage control is always more time-consuming and expensive than prevention.
With that in mind, we’ve put together these tips that any size organization, regardless of resources, can use to protect their cyber resources. Review this list and implement the tips today to improve your cybersecurity.
- Train staff to recognize and avoid attacks: The majority of attackers gain entry when an employee or volunteer clicks a link in a suspicious email. Teach your team to recognize phishing emails. Look for poor grammar and spelling, mistakes in the spelling of company names, and emails that appear suddenly and without prompting, asking them to reset passwords, etc.
- Insist on strong passwords: Strong passwords contain upper and lower case letters, symbols, and numbers. Require your team to change their passwords frequently (we recommend monthly). The strongest passwords are words, phrases, or combinations of letters, numbers, and symbols that attackers cannot guess easily.
- Block bad bots: Bots are used in DDOS and other attacks. A good internet firewall protects against malicious attacks. If the program recognizes an unusual traffic pattern, it blocks incoming traffic to protect the website.
- Invest in good antivirus software: Invest in the best antivirus software you can afford. We use Kaspersky Total Security and also know that Norton and McAfee are two others that offer complete protection. There are many great options. Just be sure to update your software as frequently as the manufacturer advises.
- Make backups of everything: Backups can be a lifesaver if your site goes down. With backup files, you can move to uninfected computers quickly and get systems up and running while you investigate the source of the breach. Make backups and save them on machines, disks, or external hard drives disconnected from the internet and stored securely in a fireproof vault or safe. An additional offsite backup is also a good idea.
- Control, monitor, and regulate physical access to your computers and systems: Require a login if a computer has been idle for more than a reasonable amount of time. Control who has access to sensitive data such as employee or donor files, and financial systems.
- Switch to cloud systems: Cloud fund accounting systems are maintained on multiple servers so that if one goes down, backups automatically take over. They tend to have better security than most organizations can afford for their hard drives, and the software is often automatically updated by the maker. While not impervious to attack, cloud systems tend to withstand them more often.
- Be smart about phishing scams: Phishing scams try to trick you into disclosing personal information such as passwords or security question information. Many phishing scams arrive as emails declaring you need to reset your password; others claim your account was hacked and you need to reset your password. Caution employees not to offer any personal information via email or social media. Harmless-looking social media quizzes that ask if you remember your childhood phone number, what your first car was, etc. use the same types of questions that financial institutions and others use to secure your account. Disclosing the information on social media may make a hacker’s job easier. Phishing scam protection software is very affordable and always a good measure of protection, but for now, educating your team about how phishing works will help reduce the risk of being exposed.
Although you cannot protect against every possible cyber-attack, you can do much to prevent many of them. A few steps now can save you a great deal of time, money, and trouble later.
Cornsilk Company is a Native American woman-owned company made up of fund accounting experts with an accounting background and a deep understanding of your bottom line. With over 30 years of software implementation experience and a menu of services, Cornsilk is the wise choice when choosing a technology partner. For assistance with your technology needs, contact us online or email Janice.Patton@CornsilkCo.com.