Nonprofit Cybersecurity Risks: Common Attack Methods

Topics: Cyber Liability

Summary: Nonprofit organizations may have an increased risk for cybersecurity attacks than other types of business, due to the sensitive information they possess on volunteers and donors – and a lack of cybersecurity measures in place. This article discusses some of the common nonprofit cybersecurity risks, and what can be done to help avoid them.

Nonprofits do some of the noblest work for the at-risk communities in the world. Between financially supporting children and families going through the worst times in their lives to providing education funding for students who might not otherwise have the opportunity, charitable organizations change the world one person at a time. Unfortunately, the perceived large coffers of these organizations and the inherent risks involved with daily business can put nonprofits at risk for a cyberattack.

Throughout 2020, the COVID-19 pandemic has inspired many individuals across the country to give back. Nonprofit organizations were hit hard by the crisis, much like many other industries, and Americans have found ingenious ways to help others during the pandemic. Since March, volunteering has increased across the United States, with many nonprofits offering remote volunteering opportunities in an effort to keep their volunteers safe.

The coronavirus crisis has brought uncertainty throughout the nation, with businesses of all sizes, government agencies, healthcare facilities, nonprofits, and individuals at risk for cybersecurity attacks. Cybercriminals often use chaotic times to find vulnerabilities in systems or play on people's fears. It's more important than ever to be vigilant and keep sensitive information as safe as possible.

Nonprofit Cybersecurity Risks to Avoid

There are several ways that nonprofits are prime targets for cyberattacks. Here are three of the most common risks associated with the business of charity:

Nonprofit Cybersecurity Risk #1: Online Donations

While technology has made it much easier for nonprofits and charitable organizations to accept donations online, it has also made it that much simpler for a digital pickpocket to steal from the organization. While payment is easy for the customer, having an unsecured website could mean leaving an open avenue for a cyberattack.

Nonprofit Cybersecurity Risk #2: Phishing Scams and Ransomware

Communicating with donors, partner organizations, and clients is a simple process today. Automated emails and newsletters keep interested parties aware of what's going on in the organization. But as you're responding to emails, you could be putting the organization at risk. Clicking a bad link, downloading a seemingly safe Word, Excel, or PowerPoint file, or even just opening a PDF file could put your hard-won funds at risk.

Cybercriminals use phishing emails, a type of social engineering scam, in an attempt to obtain sensitive information. They may also install ransomware, or ransom malware, on a nonprofit's computer system, blocking access until they receive a sum of money or another action has been completed.

Nonprofit Cybersecurity Risk #3: Volunteers

Volunteers share their time for many reasons, from being a surviving family member to wanting to give back to the local community. And while many volunteers have good intentions, there are a few that may volunteer their time to gain access to your data stores. Training time is short, onboarding an on-the-job process, and the bad guys can sometimes slip through the cracks, leaving your organization at risk for a cyberattack.

Preventing Cybersecurity Attacks on Nonprofits

Nonprofit organizations are often a risk for cyberattacks because they may have fewer cybersecurity measures in place than other business types. Additionally, they collect a treasure trove of information on their volunteers and donors, from addresses and phone numbers to credit card details.

While nonprofit cybersecurity risks cannot be avoided altogether, many cyberattacks can be prevented. Here are three of the best ways you can lower nonprofit cybersecurity risks:

Lock Down the Digital Donation System

Using encryption and a secure website helps protect information during online financial transactions. Whether accepting donations or accepting payment through an online store, protecting customer and company data should be a top concern for nonprofit cybersecurity

Secure Your Email Communications

Using a secure server and network to collect, sort and transmit important donor information can help you keep your email communications secure. Email addresses, physical addresses, and other personal identification information can be used in a nonprofit cyberattack.

Get a Criminal Background Check

Starting the onboarding process with a criminal background check is one of the best ways to ensure your volunteers are there for good will. In addition to making sure you have the right people, be sure to train employees on cybersecurity at the beginning of their safety training to make sure there isn’t an accidental cyber breach.

Protect the Organization with Cyber Insurance

Nonprofit organizations face unique risks, and that's why AmTrust Financial provides a variety of lines of insurance coverage specifically tailored to their needs. Our Nonprofit Management Liability policy, for example, includes D&O Liability, EPLI, Fiduciary Liability and Cyber coverage. Our agents are able to address the specific challenges that nonprofits and government employers face. For more information about our nonprofit insurance, please contact us today.

This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.


Time Zones