Cyberattacks are up 40% globally in 2026. Nonprofits aren’t immune to the threat; they are also experiencing an uptick in cybercrime. Both large and small organizations have been hurt by cyberattacks. According to U.C. Berkeley’s Center for Long-Term Cybersecurity, a hunger relief nonprofit in Philadelphia lost $1 million to a cyberattack; the International Red Cross experienced the theft of personal data for over 500,000 people it had served.
While you may think your nonprofit is too small to be affected, criminals know that smaller nonprofits are less likely to have robust cybersecurity controls and training in place to guard against attacks. It doesn’t take much to get beyond people’s defenses if they haven’t been trained to watch for threats.
We recommend taking several steps to protect against cybercrime. Just as you make sure you lock the doors of your office each night to keep robbers out, you must also lock the “digital door” to prevent cybercrime. These tips will help.
Evaluate Your Cyber Defense Strategy
Take time now to evaluate your organization’s cyber defenses. These include:
- Routine updates for software
- Special antivirus software
- Training for all personnel to recognize, avoid, and respond to threats
- Cyber security response plans
- Cyber liability insurance
Keep All Software Updated
Attackers find and exploit vulnerabilities in existing software. This includes operating systems (Microsoft Windows, Mac OS), applications (Word, Excel, others), and websites. Companies issue updates and patches once these vulnerabilities are known. Keeping all your software up to date prevents many attacks from succeeding by closing loopholes in system code.
Invest in Anti-Virus Software
Sure, your PC might come with Microsoft Defender installed. Or you might find free antivirus software online. But these programs come with limitations. Experts agree that installing an extra layer of protection, an antivirus software package, adds another layer of protection.
Many companies offer antivirus software, including McAfee, Norton, Sentinel One, and others. Check reviews and prices and discuss with your IT consultant which one might work best for your organization.
Fortunately, if you use cloud-based nonprofit accounting and other cloud-based systems, they typically include all updates and update automatically.
Train Your Personnel to Recognize Cyberattacks
While software can help ward against attacks, the best defenders in your organization are your employees. Most cybercrimes happen because people make mistakes. They click on bad links or respond to phishing texts. They download infected software. They inadvertently reveal passwords or answers to security questions that can be used to access accounts.
Create a training plan to help everyone in your organization remain vigilant against phishing and other cyberattacks. This isn’t a once-and-done training; it should be held regularly to keep the information fresh in everyone’s minds. Provide concrete examples of what attacks might look like, and ensure people know the approved process for activities such as downloading software, resetting passwords, and accessing systems.
Cybersecurity Response Plans
Do you have a cybersecurity response plan? Such plans provide your team with guidelines in the event of a cyber breach. For example, what if antivirus software flags a file they just downloaded as infected—do they know how to quarantine and who to report it to?
Working with a nonprofit consultant or your IT director, develop what-if scenarios. Document the steps you’d like your team to take if they believe a data breach or cyber-attack has occurred. Be sure to update these plans annually and include them in your team training.
Purchase Cyber Liability Insurance
Along with workers’ compensation and general liability insurance, smart organizations also purchase cyber insurance. This insurance provides protection against data breaches and cyberattacks. Costs and coverage vary widely, so speak with your insurance agent to determine the package that suits your risk level and needs.
Prevent Cyberattacks Before They Happen
The old adage, “An ounce of prevention is worth a pound of cure,” is definitely true when it comes to cybercrime. No matter how small your organization is, you’re a target. AI has made it easier than ever for criminals to launch campaigns, and they work hard to personalize them to make them seem real. Take steps now to protect your organization.
Welter Consulting
Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact us for more information.
Recent Comments