This blog was written in collaboration with ManagePoint. ManagePoint uses technology to support businesses in doing what they do best, with solutions tailored to the business’ needs in everything from managed IT services, networking, cloud and cybersecurity.

As technology and funding requirements change, cybersecurity has become a growing issue that nonprofits must be prepared to confront. Smaller organizations face unique challenges in the digital space because of limited resources and technological expertise, leading to significant issues in understanding the common risks associated with data security, and the ways to create barriers between your data and a hack.

Security breaches are costly, with 2023 seeing a global average of $4.45 million USD in costs related to cyber security breaches, an increase of 15% over 3 years. The costs incurred include fines and penalties, remediation costs, loss of potential profits, investments in new security measures, loss of opportunities costs, and lost productivity, not to mention the damage to the organization’s reputation.

The growing sophistication of scams over email, social media, and even text messages has highlighted the importance of digital literacy for all employees, and led to one of the emerging issues facing nonprofits and their cybersecurity: funding requirements. An example of this being IRAP, which now mandates a cyber security course from organizations in order to receive funding, with other funding and grant programs likely following suit in the coming years.

Why Do Hackers Target Small Businesses?

Hackers find easy targets in small businesses, as they typically have lower security measures due to resource and personnel constraints. A common practice for hackers is crawling the IRAP (or similar funding programs) list to see who is receiving funding, and selecting their unsuspecting targets from these smaller organizations. Small businesses like nonprofits provide a bountiful ground of personal data, and access to money from donors. But more importantly, they know that smaller organizations allow them to go mostly undetected, and are typically unprepared to respond. With help from our friends at ManagePoint, we’ve outlined common oversights in the nonprofit and small business space, and tips to keep your organization safe and prepared in the event of a breach.

How can nonprofits improve their security?

• Implement strong access controls ensuring only authorized individuals have access to sensitive information. This includes setting up multi-factor authentication (MFA) and regularly reviewing access privileges.
• Backup systems regularly, off network, and ensure all company data is stored in Canada
• Encrypt all devices accessing work data, ensuring that even if data is intercepted it remains unreadable.
• Conduct regular security audits and risk assessments, ensuring all systems/ software are patched on schedule (improving security or functionality issues).
• Use unique passwords for each system, creating ones that are longer than 14 characters (anything shorter than 14 can be hacked in a matter of minutes)
• Staying informed and preparing the organization as a whole is aware of the risks is one of the most effective ways to strengthen cybersecurity. Employees should be trained on cybersecurity best practices, including recognizing phishing attempts, using strong passwords, and being cautious when clicking on links or downloading attachments.
• Use updated and reputable Endpoint Detection and Response (EDR) (security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.)
• Have a plan in place to respond quickly and effectively to cyber incidents, minimizing potential damage.
• Make use of nonprofit pricing, especially on applications such as Microsoft and Google: reputable tools when it comes to security features.

Remember that cybersecurity is not just about protecting data; it's about safeguarding the heart of your organization's mission. Cybersecurity is a shared responsibility, and nonprofits must take proactive measures to protect their data and digital assets. By prioritizing regular training for employees, having a plan of action, and implementing the above best practices, nonprofits and small businesses can continue their important work in a safer digital environment.