The Bad Guys Don’t Care You’re The Good Guys

James Crossland

Digital Marketing Manager | Kerv Digital

Published 06/07/22

Cyber Security In The NonProfit Sector

How to improve your NonProfit’s Cyber-Security – Quickly, easily… and at low cost

You may be wondering why the NonProfit sector needs its own guide around Cyber Security. After all… shouldn’t Cyber Security be the same across all organisations?

Whilst this is broadly true, Not-for-Profit organisations have unique concerns around cyber-security that can leave them particularly vulnerable to Cyber Actors and so these concerns deserve to be addressed separately.

 

As a sector, NonProfits hold a tremendous amount of personal, commercial and financial data on people, as well as having access to large sums of money (donations) that many cyber actors are incredibly interested in.

Now you may feel your NonProfit is both perfectly aware of these cyber threats and secure against the risks posed by cybercriminals (and it may well be you are) but the National Cyber Security Centre (NCSC) has, on several occasions, publicly stated that many charities, especially smaller ones, don’t realise how tempting a target they make to cyber scammers.

One of the problems facing the sector is that no-one’s quite sure of the scale of the problem.

Whilst some cyber crimes do get reported by NonProfits, many don’t for fear of the reputational damage it will cause amongst their donors and volunteers.

 

NonProfits have a duty to spend as much as they can on their chosen cause and malicious cyber activity can really impact their ability to do so, whether through Denial of Service (DoS) attacks, through more direct methods such as the theft of funds, or indirectly through damaging the reputation of the sector as a whole. After all, who’s going to be happy donating to a charity if they think their money will just end up in the pocket of a cybercriminal?

Who’s Targeting The NonProfit Sector?

As we’ve already said, charities hold both a lot of disposable funds and personal information on their donors and volunteers. Coupled with that, they’re also vulnerable to other forms of attack (more on those in a minute) that could hurt their reputations with potential donors.

Now obviously the type of information about donors (or the amount of money in accounts) that’s held will vary widely from charity to charity, depending on their size, cause, structure or stated goals but all will still be vulnerable to attacks such as viruses, phishing emails, ransomware attacks, identity theft and Denial of Service.

 

Kerv Digital recently wrote an article on the different types of Cyber Criminals at work today (you can read it here) but the types of cyber-actors targeting charities might vary slightly.

Those targeting the charitable sector could very well be advanced ‘cybergangs’ but unfortunately they could also be small-time individuals, operating from anywhere on the globe (making them much harder to track down after the fact).

This is why prevention has to be key.

 

The technical skills needed to commit a cyber-offence aren’t anywhere near what they used to be, with multiple tools available to make the job even easier, all available through criminal forums on the Dark Web.

These forums even offer out their services and tools under something known as Crimeware-As-A-Service with specific advice on how to target NonProfits.

Whoever attacks you though will have one thing in common with all other cybercriminals… they’ll be motivated by financial gain.

How they get that though will vary, from the outright theft of funds held by charities right through the gamut of online criminal activity to fraud, bribery and data theft.

This means, in today’s day and age, the charity sector needs to be prepared for both organised gangs and individuals sat at home, in their bedrooms, possibly a continent or two away!

Types Of Cyber Attacks NonProfits Are Vulnerable To

Whilst there’s a whole host of attacks that a NonProfit may be subjected to, the ones they’re especially vulnerable to tend to be…

 

  • Ransomware & Extortion – Charities, by their very nature, have to be open and forward facing. Their entire model is predicated on people being able to contact them to either volunteer or make donations. This, however, can leave them open to extortion or Ransomware attacks.
    These malware attacks normally rely on a technique called social engineering to succeed. They’ll attempt to deceive end users into clicking on malware-infested links in phishing emails or into visiting compromised websites.
    In recent years a lot of charities have been targeted directly with these attacks in an attempt to not only steal or deny access to data but to delete or change it for nefarious purposes (something the ICO take very seriously). Cybercriminals may steal this data and threaten to release it unless a payment is made (or another demand is met). Any NonProfit involved in the protection of vulnerable individuals or holding sensitive medical data in particular needs to look out for these kinds of scams.
  • Phishing Attacks – Another common attack (that we’ve spoken of in much more depth elsewhere) aims to trick employees or volunteers that have access to a Not-For-Profit’s donations and funds into transferring them to a Cyber Actor’s account, normally by spoofing an email from the CEO or other high level staff member requesting it.
    There are multiple variations of this fraud but always remember, it only takes a second to head to someone’s office or pick up the phone to verify if an email is real.
    Criminals may succeed in prompting fund transfers using purely social engineering, but more developed campaigns combine the fraud with the deployment of malware to capture information that can be used to generate even greater returns. Charities operate on a culture of trust and openness, and whilst we wouldn’t want to see that change, it does leave them especially vulnerable to this type of attack.
  • Fake Websites & Apps – A particularly insidious form of attack doesn’t target the charity at all, but rather their supporters.
    Tricking donors into giving money via a fake website, app or email campaign is becoming increasingly common and does untold harm to the reputation of the charity… often through no fault of their own.

How To Prevent Cyber Attacks On A NonProfit Organisation

CULTURE & TECH

Charities, much like other organisations, have a duty of care to safeguard their data and good security is a massive part of that.

That really falls under two categories though… Tech & Culture.

Surveys by the National Cyber Security Centre (NCSC) repeatedly show that NonProfits, as a sector, have a “broad lack of specialist staff with technical skills to cover cyber security, a low awareness of government support available and a low level of digital skills”.

 

Addressing that issue on a technological level is important as Cyber Actors will target organisations they deem as ‘weak’.

Something as simple as an up-to-date firewall can shift their attention away from you to a different target but… ultimately, all the security precautions in the world will be for naught if you don’t bring your staff and volunteers along on the journey (culture).

The best firewall on the planet won’t help you if Jeff from accounts keeps clicking on links in emails from the Sultan of Zimbabwe who needs his help transferring funds out of the country.

We’re obviously not being 100% serious there but you take our point.

Cyber Criminals are becoming increasingly sophisticated and your staff need to be aware of how they might be targeted so they can be on the lookout for it.

 

There’s a huge gap in understanding the scale and scope of cyberthreats between different organisations in the NonProfit sector and that gap needs to close if trust in the sector as a whole is to continue.

Donors are unlikely to continue to support their chosen cause financially if they begin to fear their donation may go astray.

Although it may seem like an uphill struggle, investment in Cyber-Security doesn’t have to be a huge investment in either money or time but, in the end, whatever resources are applied to the problem will always prove cheaper than repairing the damage after a successful cyber-attack.
