The Home of the Security Bloggers Network
Home » Security Boulevard (Original) »
Considering the large sums of money generated in the charitable giving sector along with the potential for access to personal and sensitive information, it is understandable that it’s such an attractive target for cyberattackers. And like many organizations providing critical services, continuous and uninterrupted service is a linchpin of serving their communities: Downtime is not an option.
Now more than ever, it is important to remind decision-makers within the charitable giving sector to take a proactive approach to cybersecurity. If they were to fall victim to a data breach, their reputation, finances, data and ultimately, the ability to effectively serve those in need may be damaged beyond repair.
To prepare for cyberattacks, organizations in the charitable giving sector need to understand the most common cyberthreats, starting with phishing. Hackers will do their best to trick unsuspecting users into interacting with a fake website or download malware that can steal sensitive information or money. Phishing campaigns are typically conducted via email but in recent times, SMS phishing (or smishing) has become more popular. These campaigns can be difficult to spot as they use very similar verbiage and branding to the company they are trying to mimic. While phishing attacks are common throughout the year, hackers are opportunistic and will look for high-profile events, holidays or disasters to increase their chances of successful attacks. Remember, cybercriminals have no remorse for their victims; they depend on the naivetey of human behavior. With this in mind, semi-annual phishing simulation tests can raise security awareness and help to prevent such an attack from happening.
The pandemic forced the majority of the workforce to work remotely, and those within the charitable giving sector were no exception. Many had to quickly adopt digital transformation technologies and tools. For example, organizations began using the cloud to power applications and store data online to allow continued remote work with minimal disruption. Cybercriminals were aware of this and quickly began exploiting weaknesses and vulnerabilities within the cloud.
It doesn’t take a mastermind hacker to exploit a vulnerability and gain access to charity organizations’ computer systems. Instead, an insider attack will often involve an employee acting as the vulnerability, giving access to passwords or access to the organization’s systems and data to a hacker—whether by accident or on purpose. Implementing a zero-trust model is key to defending against the risk of an insider threat. Instead of focusing exclusively on preventing breaches, zero-trust security aims to keep damage limited if a breach were to occur and build a system that is resilient and can quickly recover. An organization can reduce its attack surface by segmenting resources and only granting the absolute minimum access needed.
Prioritizing cybersecurity with key processes and backup plans
To help avoid common cybersecurity threats from impacting a charitable organization, make cybersecurity a priority by documenting specific procedures and staying up-to-date on software patches and updates. For example, while consistently updating operating systems is a major priority in running safe databases and sites, it is equally important to harden systems using a VPN, antivirus and firewall. A security assessment can also help identify vulnerable points. Be sure to continually conduct patch management, too, because ransomware attacks often use known openings in common software, such as productivity applications, to introduce malware. Stay up-to-date on software as well, as such systems are constantly being patched. In addition to these processes, implement anti-malware tools across the business to proactively scan for malware and prevent its installation.
Charities should also reconsider backup plans that may or may not be in place. Adopting a 3-2-1 backup strategy can help protect company assets using diversified methods. This will involve taking the following actions:
Additional rules charitable organizations should follow regarding backup procedures include these steps:
As we enter the 2021 holiday season, it is imperative to reevaluate the most common cyberattacks to the charitable giving sector and understand how to defend against them. Awareness of such threats and prioritizing cybersecurity best practices will work miracles as charities work their own for those who need it most.
Bindu Sundaresan is currently responsible for growing the security consulting competencies and integration with the AT&T Services and Product Offerings. Bindu is a security SME (subject matter expert) with the judgment and experience to right-size and customize information security solutions that both accommodate and enable business growth. She has worked to establish enterprise vision, strategies, and programs for Fortune 50 companies to ensure the confidentiality, integrity, and availability of information assets – thus protecting and enhancing multimillion/billion-dollar revenue streams.
bindu-sundaresan has 2 posts and counting.See all posts by bindu-sundaresan
The Home of the Security Bloggers Network