Publisher | CommunityIT innovators |
Year | 2023 |
Publishing Frequency | Yearly |
Author | Matt Eshleman |
Cost | Free |
Topics | Nonprofits, MFA, SSO, Login Security, Cyber Landscape, Phishing, Ransomware, BEC, APT, Spear Phishing, Malware, Virus, Email Security, Attackers |
The report highlights the increasing visibility of cybersecurity among nonprofits since its inception in 2019. It acknowledges that some nonprofit leaders still perceive cybersecurity as solely the responsibility of the IT department, emphasizing that security should be a goal for everyone within the organization. The report stresses the importance of addressing fundamental security practices, which can often be achieved through low-cost or free tools and utilizing existing security features of platforms and subscriptions.
Due to the COVID-19 pandemic, remote work has become a permanent environment for the nonprofit sector. The shift to remote workspaces has led to an increase in targeted spear phishing emails and heightened security risks as personal devices are used to access work resources. The report emphasizes the need for robust security awareness training and the implementation of security tools that balance convenience with strong protections in this new remote work landscape.
Encouragingly, the majority of nonprofits have implemented Multi-Factor Authentication (MFA) and organization-wide password managers, and are adopting Single Sign-On solutions. The report emphasizes the effectiveness of MFA as a strong, simple, and low-cost deterrent. However, it also warns of a new development in 2022 where compromises of personal email accounts used for security backups have led to compromises of business accounts. The report advises nonprofits to include work-from-home environments within their cybersecurity perimeter and take appropriate steps to protect staff regardless of their location.
The report stresses the significance of “micro” training for all staff in identifying and responding to basic attempts to infiltrate IT systems. It highlights the success of frequent and realistic cybersecurity training, including peer-to-peer and gamified micro-training programs, in increasing awareness and fostering a healthy skepticism that can counter sophisticated wire fraud scams.
The data shows that while attacks continue to increase, most fall within well-established categories, emphasizing the importance of implementing foundational cybersecurity controls to prevent incidents. The report concludes by stating that all nonprofits have a 100% probability of facing cyber attacks, and the key question is how well-prepared they are to protect and respond to these evolving threats.