Posted Wednesday, March 13, 2023
Protect Nonprofits From COVID-19 Scams: What You Need to Know
The COVID-19 pandemic brought about many changes and challenges, including an increase in phishing attacks targeting nonprofit organizations. With many people working from home and using digital platforms for communication and collaboration, the opportunities for hackers and scammers to exploit vulnerabilities have increased. Nonprofits must be especially vigilant in protecting themselves and their communities, as phishing attacks can compromise sensitive information and resources. In this article, we'll explore how COVID-19 intensified the threat of phishing and what nonprofits need to know to stay safe in today's rapidly changing landscape.
What is a Phishing Attack, and What Can Nonprofits Do to Protect Employees and Organization Data
A phishing attack is a type of cybercrime in which the attacker attempts to trick individuals into revealing sensitive information or installing malware. The information or malware can then be used for malicious purposes such as identity theft, financial fraud, or data breaches. Nonprofits, which play a critical role in serving communities and often handle sensitive information, are particularly vulnerable to these attacks.
The nonprofit sector is not immune to phishing attacks, and many organizations have fallen victim to these cyberattacks.
Here are a few examples of phishing attacks that have impacted nonprofit organizations:
- The Red Cross: In 2016, the American Red Cross was targeted in a phishing attack that compromised sensitive employee information, including Social Security numbers and addresses. The attack significantly impacted the organization, as it had to spend time and resources responding to the breach and informing employees and stakeholders.
- The World Wildlife Fund: In 2017, the World Wildlife Fund (WWF) was targeted in a phishing attack that resulted in the theft of large amounts of donor data. The attack had a significant impact on the organization's reputation and relationships with donors and its ability to secure future donations.
- The Salvation Army: In 2018, the Salvation Army was targeted in a phishing attack that resulted in the theft of donor information. The attack had a significant impact on the organization's reputation and relationships with donors and its ability to secure future donations.
These examples demonstrate that phishing attacks can have a significant impact on nonprofit organizations, regardless of their size or mission. By compromising sensitive information and donor data, these attacks can undermine the trust that nonprofit organizations have built with their stakeholders and impact their ability to carry out their mission.
To protect employees and organization data, nonprofits can implement the following measures:
- Employee education: Regular employee training and education on recognizing phishing attempts can go a long way in preventing successful attacks.
- Email security: Implementing email filters to block suspicious or known malicious emails can help prevent phishing attacks from reaching employees.
- Two-factor authentication: Adding an extra layer of security, such as a one-time code sent to a device or email, can help prevent unauthorized access even if a phishing attacker obtains login credentials.
- Regular software updates: Keeping software and systems up to date with the latest security patches can help protect against vulnerabilities that phishing attackers can exploit.
- Backup and disaster recovery plan: Having a plan in place to back up and recover data in the event of a successful attack can minimize the damage and downtime caused by a phishing attack.
For more information on cybersecurity for your nonprofit, read our blog, "Cybersecurity for Nonprofits: A Guide to Keeping Your Data and Operations Safe."
What is a Pen Test, and How Can it Help Protect a Nonprofit from Future Phishing Attacks
A "penetration test," commonly referred to as a "pen test," is a simulated cyberattack performed on an organization's IT systems to assess its security. A pen test aims to identify and exploit vulnerabilities in the systems to help the organization improve its security.
In protecting a nonprofit against phishing attacks, a pen test can be helpful in several ways. For example, a pen test can simulate a phishing attack to see how employees respond and identify areas where they need further training. The pen test results can also help the nonprofit identify technical vulnerabilities in its systems that phishing attackers can exploit. By identifying and addressing these vulnerabilities, the nonprofit can improve its security and reduce the risk of a successful phishing attack.
What Pen Test Applications and Resources are Available to Nonprofits
Several applications and resources are available to nonprofits for conducting penetration testing, including:
- Commercial pen testing tools: Commercial tools like Nessus, Metasploit, and Core Impact are widely used for penetration testing. These tools are highly customizable and can be tailored to meet the specific needs of a nonprofit organization.
- Open-source tools: Nmap, OpenVAS, and Aircrack-ng are also available for penetration testing. These tools are free to use and are supported by a large community of developers who continuously work on improving them.
- Penetration testing services: Some organizations offer penetration testing services, which can be especially helpful for nonprofits that do not have the resources to conduct their own testing. These services often include a comprehensive report detailing the test results and recommendations for improving security.
- Online training and certification programs: Online training and certification programs, such as the Certified Ethical Hacker (CEH) certification, can be valuable for nonprofits that want to build their in-house expertise in penetration testing.
There are many tools and resources available to nonprofits for conducting penetration testing. The best option will depend on the size and complexity of the organization's IT systems and the resources and expertise available. By conducting regular penetration tests, nonprofits can improve their security posture and reduce the risk of successful phishing attacks.
Phishing attacks continue to be a significant threat to the nonprofit sector, and organizations must take proactive measures to protect themselves. By following the steps outlined above (employee education, email security, two-factor authentication, software updates, and a backup and disaster recovery plan), nonprofits can reduce the risk of a successful phishing attack. Additionally, conducting regular penetration tests can help identify vulnerabilities in the organization's systems and provide a comprehensive view of the organization's security posture.
Protect Nonprofits From COVID-19 Scams: Conclusion
In conclusion, the nonprofit sector must take phishing attacks seriously and take proactive measures to protect itself. By combining preventative measures and regular penetration testing, nonprofits can reduce the risk of a successful phishing attack and maintain the trust of their stakeholders.