Ransomware is malicious software that encrypts data until a large fee is paid to the attackers. It’s a cyber attack tactic that keeps evolving and impacting business and nonprofit networks alike. Often automated, ransomware is a financially motivated cyber crime. You may think your nonprofit is too small to be targeted, but ransomware attacks are increasingly targeting third-party IT vendors, so you may not be the initial target. And ransomware hackers know that, like most companies and individuals, nonprofits faced with a loss of reputation or loss of function will often pay to have access to IT restored quickly. Below we share some links to basic ransomware security tips for nonprofits, from training employees to incorporating cybersecurity into your strategic plan.

There have been many high-profile attacks on big organizations such as Kaseya, Colonial Pipeline, JBS Meat processing and the heavy equipment manufacturer Manitowoc. Beyond these big-name breaches, smaller organizations have been affected too, including the New York City Law Department.

While investigations are ongoing in many of these cases, we do know that many of the attacks weren’t the result of sophisticated hacking, but instead the result of poor cybersecurity controls, like easy-to-guess passwords, or of successful spearphishing. In the Colonial Pipeline case, the ransomware was launched against the network through a VPN account that was protected by a single password. The New York City Law Department was exploited because a user’s account, without multi-factor authentication, was compromised. Ironically, the FBI was able to recover part of the ransom paid in the Colonial Pipeline case because the hackers’ bitcoin wallet was also protected only by a single password, which the FBI was able to crack.

Responding to these cyber events can be very expensive. The Baltimore County Public School system has spent over $8,000,000 to respond to a ransomware attack from November of 2020. If they had proactively implemented the controls that they are now implementing retroactively, they would have saved millions of dollars, not to mention thousands of hours of lost productivity and instruction time.

Defending against these attacks can seem like an impossible task at times. But it doesn’t have to be. When cybersecurity training is prioritized and defenses are part of your IT strategic plan, your nonprofit can be proactive about facing evolving threats. We’ve outlined a series of steps in our Cybersecurity Playbook that will help your organization improve its defenses against cyber attacks. You can download the guide or watch our webinar about it here.

Learn more about why nonprofits should require multi-factor authentication (MFA) and why backups are a key element of your cybersecurity strategy. To learn about our Nonprofit Cybersecurity Risk Assessment, check out this video, transcript, or podcast. For a refresher on cybersecurity training for nonprofit staff, review this video or podcast.

Looking for More Ransomware Security Tips for Nonprofits?

Community IT Innovators is not a cybersecurity-only firm, but we deploy security measures for our clients and have developed cybersecurity expertise in facing the threats nonprofits encounter. We hope sharing our experiences can help our nonprofit IT community better protect ourselves. You can see several recent security webinars and other security resources here.

If you’re looking for more guidance – or to reduce the likelihood of cyber incidents in the first place – get in touch with us and schedule a cybersecurity assessment.

At Community IT Innovators, we’ve found that many nonprofit organizations deal with more cybersecurity risks than they should have to, often after settling for IT support options that don’t factor in risks and ROI on preventing ransomware and other malicious hacks.

As a result, cyber damages are all too common.

We can help. Our techs are nonprofit cybersecurity experts. We constantly research and evaluate new technology solutions to ensure that you get cutting-edge solutions that are tailored to keep your organization secure. And we ensure you get the highest value possible by bringing 25 years of expertise in exclusively serving nonprofits to bear in your environment.

Whether you need help reviewing your cyberinsurance options or assistance in reducing the likelihood of an attack – if you’re ready to gain peace of mind about your cybersecurity, let’s talk.