Increased Cybersecurity Essential For NGOs: Help Available

by · Forbes

As if fighting famine, disease, disaster and other calamities weren’t enough, nonprofit organizations face dire cybersecurity threats from nefarious groups seeking to steal money and sensitive data or disrupt services. Attacks have hit many NGOs over the years such as Save The Children, OneBlood and Roots of Peace.

This threat is particularly challenging for nonprofits because so many are small, poorly-funded organizations lacking staff to assign to cybersecurity.

An image of a cybersecurity system at an International Cybersecurity Forum in France.AFP via Getty Images

Fortunately private and NGO initiatives have emerged to help nonprofits harden themselves against cyberattacks and react should they be attacked.

The CyberPeace Institute, for one, offers free cybersecurity assistance, threat detection and analysis by leveraging a network of volunteers around the world, according to the nonprofit group’s CEO Stephane Duguin.

To get started, Duguin suggested that nonprofits assess their level of cybersecurity to get a sense of what they need, and find people who can help. Because nonprofits have little if any personnel assigned to cybersecurity, the time they can dedicate to it is extremely limited. Our program helps them assess their cyber maturity in just a few minutes, and get matched immediately to cybersecurity experts from industry who’ll volunteer countless hours to help them - all for free.”

Stephane Duguin, CEO of the CyberPeace InstituteCyberPeace Institute

Starting to build cyberdefenses based on that initial assessment will likely result in suggestions to implement several building block programs such as multi-factor authentication, password managers and backups. Those are “basic but critical security controls that many nonprofits still don’t have in place, and that would already deflect the vast majority of attacks we see impacting them,” Duguin said.

MORE FOR YOU
Apple’s Update Decision—Bad News Confirmed For Millions Of iPhone Users
BlackRock Reveals It’s Quietly Preparing For A $35 Trillion Federal Reserve Dollar Crisis With Bitcoin—Predicted To Spark A Sudden Price Boom
Election 2024 Swing State Polls: Pennsylvania’s A Dead Heat—As Harris Leads Michigan, Trump Takes Arizona

For those not familiar with cybersecurity lingo such as multi-factor authentication some online resources to educate oneself include:

— The CyberPeace Institute Glossary of Cyber Terms

Cybersecurity For Nonprofits, a good introductory article on the topic from the National Council of Nonprofits

The Microsoft Digital Defense Report a much longer take on the overall subject of cybersecurity for those who want to take a deeper dive. (The report identifies NGOs, by the way, as the third most targeted sector by state-sponsored cyber-threat groups)

Some tech companies have adopted cybersecurity for nonprofits as a cause they support. Okta, an identity security service, for example, recently made a 5-year $50 million pledge to help social sector organizations with digital transformation and security, explained Erin Baudo Falter, vice president for sustainability and social impact.

“While ransomware and distributed denial-of-service (DDoS) attacks are rising, we know the biggest vector for cyber attacks is compromised credentials,” said Baudo Falter. “That’s why (in addition to making philanthropic grants) we’re focused on donating and discounting Okta’s identity security services for nonprofits through Okta for Good. It’s a direct way our products and expertise can support cyber resilience for organizations like Teach for America.”

Experts on cybersecurity for nonprofits can point to many cases of organizations large and small that have been attacked such as Philabundance, which lost close to $1 million to a business email compromise scam, and the International Committee of the Red Cross which suffered a data exfiltration that stole 515,000 sensitive client records.

Erin Baudo Falter leads the Okta For Good cybersecurity initiative to support nonprofit ... [+] organizations.Okta

That is why they stress that nonprofits should not delay starting to develop cybersecurity defenses. “The key to cyber resilience is working through people, with people, and for people, which is something that nonprofits understand better than anyone else,” said Baudo Falter. “My best advice: just start. Resist being intimidated by the technical aspects of security, and start the conversation in your organization.”

Educating staff would be a good first step, advised Pietro Galli, director of technology at the Norwegian Refugee Council which suffered a cyberattack in 2023. “Since phishing is the most prevalent attack vector, educating users and raising awareness can go far in reducing the likelihood and number of attacks,” he said.

Another wise human to human (as opposed to technical strategy) would be to have discussions with peer nonprofit organizations, according to Galli. “There is incredible value in sharing and at times you may also “partner up” and take common initiatives together (e.g. sharing costs),” said Galli.