Nonprofits and Schools are Vulnerable to Cyberattacks

Here’s How to Prevent Them

One of the last things any nonprofit or school wants to do is tell their constituents or students their personal information has been compromised. Unfortunately, that was the position many nonprofit organizations and schools found themselves in after Blackbaud (a solution widely used for fundraising) was hacked.

The following resource highlights questions you need to be asking and what preventive measures need to be put in place sooner than later.

SC&H’s Key Takeaways:

  • Remote technology and third-party platforms are increasing the risk of cyberattacks, particularly for nonprofits and schools
  • Identifying and mapping data is key to developing an ongoing system of cyber management
  • You can reduce the risk and limit exposure of cyberattacks by hiring a Chief Information Officer or purchasing cyber insurance

When a major data breach makes headlines, such as the one targeting Blackbaud, smaller organizations might be lulled into a false sense of security by the size of the target. But cybercriminals are not just focusing attacks on large, multinational organizations.

Whether an organization is large or small, cybercriminals always target vulnerable organizations first, according to SC&H Group’s Technology Advisory Services Director Jeff Bathurst, and some of the most vulnerable organizations tend to be nonprofits and schools.

Historic numbers of American workers have shifted to telecommuting. Many of these educational organizations are new to telework, and students of all ages as well as staff are suddenly using new cyberlearning tools. If you are aware of this, you can bet cybercriminals are aware of it too – and have shifted their tactics accordingly.

Nonprofits are at risk because they frequently use third-party platforms to accept donations. Schools have also historically used third-party platforms to collect information for fundraising, purchasing school meals, and more. In addition, students are now using personal computers from either their home or the school. The immediate need for student access to technology this spring may have relegated cybersecurity concerns to the backseat, left in the wake of more pressing priorities. These factors, combined with the likelihood that nonprofits and schools will operate without a Chief Information Officer (CIO) to coordinate cybersecurity efforts, make them ideal targets for cybercrime.

What are the right cyber questions to ask and actions to take?

The first thing nonprofits and schools can do to protect organizational and personal data is to ensure your organization has a formal ongoing cybersecurity management program. Identify, define, and map your data, says Anthony DiGuilian, Principal, SC&H Group Risk Management Services. Know where it lives, how it works, how your partners manage and protect it. Ask your partners: ‘What is your protocol for a data breach?’

The team also recommends organizations consider hiring or outsourcing a CIO. While budgets can be tight in nonprofits and schools, the upfront investment will pay dividends in operational efficiency, peace of mind, and overall cost.

Remember, cybersecurity is an ongoing consideration. Even when students return to school, and employees return to work, cyber criminals are not going away anytime soon.

If you’re concerned about your cybersecurity, reach out to our Technology Advisory Team to access your options.