Late in 2020, the dangers of the coronavirus pandemic have created fundamental shifts in how nonprofits conduct daily operations. As many nonprofits have moved to remote work settings to protect employees and volunteers, a new risk is emerging: cyber threats, or the unlawful intrusion into computer networks. To better prepare organizations, the cyber security experts at Venable LLP have allowed sharing of critical information on protecting vital data. Venable’s guide to best cyber security practices is a tremendous resource as we work to secure our nonprofit systems.
Cyber Criminality on the Rise
Through the middle of 2020, Venable’s own nonprofit clients have experienced a sharp uptick in cybercrimes. Most of the incidents reported were linked to remote work; unexpected vulnerabilities in remote access systems, coupled with insufficient training of employees and volunteers, have led to significant gaps in cybersecurity. The most frequent types of cybercrime incidents include:
- Billing fraud
- Identity theft of nonprofit stakeholders (managers, staff, and volunteers)
- Data theft
Nonprofits are not the only sector experiencing the onslaught of hackers – the healthcare industry, banking operations, and corporations of every size and type have also seen a steady rise in criminal incidents over the past year.
Defending Against Cyber Criminals
In its October 2020 publication, Venable stresses that nonprofits fully integrate cybersecurity into enterprise-level risk management practices. Getting started in security critical computer systems is often the most challenging part for any nonprofit. Venable recommends following the National Institute of Standards and Technology’s (NIST’s) Cybersecurity Framework developed under the Obama Administration to help ease this potential difficulty. This framework consists of five components:
- Identify – controlling who has access to computer systems through individualized user accounts and by establishing policies and procedures designed to protect access to authorized users.
- Protect – limiting access only to those who need it, setting up firewalls and filters, securing access points, and training of all users in cybersecurity principles.
- Detect – monitoring computer systems for signs of intrusion and by using anti-virus/anti-spyware programs to uncover attempts to gain unauthorized access.
- Respond – nonprofits must develop an action plan for cyber breaches in advance of an attack.
- Recover – establishing policies and processes for backing up mission-critical data and adding cyber insurance to the nonprofit’s policies.
Cybercrimes can quickly disrupt the operations of any nonprofit. By taking the steps to protect computer systems, these organizations can continue to serve others and to face any challenges that may arise.
Volunteers Insurance Service Association, Inc. (VIS) was established in 1972 for the purpose of providing insurance and risk management services for volunteer-based organizations. In addition to still providing these insurance services today on a nationwide scale, we have expanded to provide noninsurance resources for members to manage their risks and improve their operations. By transferring the volunteer risk exposure to our program, we can help you protect your organization. Contact us today at (800) 222-8920 for more information on our programs and services. Join now!