Cyber Monday 2019, for example, saw a 58% increase in encrypted attacks over the previous year alone, according to SonicWall Capture Labs threat researchers. Their team further recorded a double-digit malware spike (63%) in the U.S. during the eight-day holiday shopping window from Nov. 25 to Dec. 2. As the numbers show, access to data is a valuable bargaining chip for extortion, one cybercriminals use with abandon.
When attacks like these happen to household brand names like Adidas, or national institutions like the NHS, smaller businesses fall into the trap of thinking that cyberattackers exclusively target large organizations.
But small- to medium-size businesses (SMBs) and smaller philanthropic organizations are not immune. In fact, cyberattackers often focus their attention on smaller businesses because they are more likely to have low levels of sophistication in network security and even smaller IT budgets dedicated to cybersecurity. Case in point: in the past 12 months, 66% of SMBs experienced some kind of cyberattack resulting in average net losses of up to $2.5 million because of disruption to normal services.
That’s why it is imperative for nonprofits to ensure their security posture is as robust as possible from the outset. Here are some easy-to-implement and cost-effective practices that all organizations should consider for their cybersecurity strategies in 2020.
What can nonprofits and philanthropic organizations do?
Make sure the websites you use are using SSL or TLS encryption
SSL and TLS encryption protects organizations’ and donors’ data as it is transmitted online. A site is encrypted if the URL begins with “https:” instead of “http:”, and your browser displays a padlock icon. Note that the padlock only confirms the connection is encrypted; it does not prove the site itself is trustworthy. Encryption is the absolute minimum of security for online businesses, and it remains a critical layer even for businesses that can budget for more sophisticated security measures.
Beware of email links & attachments
Phishing schemes tend to rise dramatically during the last quarter of the year. In addition to email, cybercriminals may try to phish businesses through banking websites. Phishing messages may ask you to “confirm” your account or purchase information by clicking on a link, or they may send “receipts,” “shipping notices,” or “coupons” as attachments.
Your best defense is to never click on any unsolicited links or attachments. Instead, type the URL into your browser manually and log in that way. A cost-effective way to keep employees and volunteers up to date on the latest security best practices is to have a security expert conduct an afternoon training at your offices, or simply to print and laminate a list of key tips.
Use a password manager for your organization
Your organization’s passwords are what stand between you and cybercriminals accessing your (and your loyal donors’) information. Don’t depend on spreadsheets or sticky notes, and never use the same password for all of your logins. A robust password manager allows you to secure all of your accounts with strong, unique passwords and reminds you when you need to update them.
Don’t let cybercriminals get the most out of the season of giving. Follow these basic guidelines throughout the year to prevent unauthorized access to your organization’s most valuable asset: your data.
Bill Conner, CEO, SonicWall