Page 52 - Cyber Defense eMagazine - December 2017
P. 52

the reason, the result is that nonprofits have become an easier mark for hackers than
               their corporate brethren.



               This  is  alarming  given  that  most  nonprofits  run  on  donations  transacted  using
               particularly sensitive and valuable information. Accepting money and providing receipts

               alone  requires  (legally)  sensitive  credit  card  numbers  and  tax  IDs.  Even  more,

               anonymous donors to, for example, nonprofit political organizations, will consider their
               names and other typically “non sensitive” information extremely sensitive, adding even

               more value to the data. Hackers like high value information.


               Worse  still,  few  consider  that  the  personally  identifiable  information  of  the  affected

               population is valuable to hackers as well. Sometimes, the same information is used in
               micro-grants or to fund SIM cards that provide access to basic needs, which can easily

               be diverted. Other times, hackers are interested in selling the locations of aid workers
               for distributing malicious reasons.



               This makes data privacy existentially important to a nonprofit. Nonprofits depend on a
               population of hopeful and willing donors to trust them. These donors assume that not

               only will money they donate be utilized efficiently, but that their act of goodwill won’t be

               punished because of a data breach. Once that trust is lost, funds will certainly flow to
               more trusted organizations, ending the nonprofit’s mission, which may, in fact, be the

               hacker’s aim.


               So with the lack of resources and funds, what should nonprofits do? Corporate forprofits

               typically focus on detecting and responding quickly to attacks. These measures often
               need  to  be  in  place  for  compliance  reasons.   For  all  of  the  reasons  outlined  above,

               nonprofits can’t afford to react to a breach. Of course defenses should be in place, but
               first they need to predict and prevent successful attacks before they happen.



               How? These three steps are a good start:


                   1.  Assess your risk





                   52    Cyber Defense eMagazine – December 2017 Edition
                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.
   47   48   49   50   51   52   53   54   55   56   57