KPM

Audit Report

Weighing The Costs: Cybersecurity Vs. Post Cyberattacks

Cybersecurity can be very expensive. This is one of the many reasons why non-profits fail to secure their networks and digital assets.  Without the correct cybersecurity measures in place to protect your non-profit, you may end up losing more than the cost of securing your network. According to IBM’s “2022 Cost of a Data Breach Report,” the average U.S. breach was an average loss of $9.44 million.  Avoid the potential risk of a cyberattack and protect your non-profit by training your staff and taking a proactive approach.

Phishing Evolves
Most attacks are made via phishing schemes, where cybercriminals use email to dupe victims into providing personal information.. Phishing emails generally include links or attachments that, when clicked, infect computers with malware that enables fraudsters to access your systems,  including your login credentials.

Increasingly, cybercriminals are using phishing emails to perpetrate ransomware attacks. They gain control of an organization’s network and data and lock legitimate users out. They then hold the data hostage until the victim organization pays a ransom. The criminals might leak some confidential information to the public or on the ‘dark web’ to show they’re serious and to encourage quick payment. Ransomware perpetrators usually release the data after they receive a ransom — but not always.

Acting Proactively
Criminals have hacked everything from government agencies to hospitals to large charities, so it’s critical that all non-profits act defensively and provide training to staffers. Training should cover various phishing schemes and include testing so employees can see how easy it is to fall for scams. Other ways to contain potential cyberthreats are:

  • Look for emails flying red flags. Everyone in your organization should look out for suspicious emails, including messages with a sense of urgency, such as a subject line that says, “Respond ASAP.” Phishing subject lines might also include references to upcoming meeting agendas, payroll questions, and password verifications. They may appear to come from HR, tech support or your executive director.

Phishing messages frequently are peppered with bad grammar and misspelled words. They may use numbers and special characters that look like letters to dodge anti-phishing software and include URLs that are close, but not identical, to the addresses of legitimate sites.

  • Use password managers. Your organization should consider using password managers. A surprising number of employees still use easily hacked passwords such as 1234 and PASSWORD. Password managers generate complex passwords and store them for users. At the very least, require employees to come up with difficult passwords and change them frequently. For greater security, implement two-factor authentication. This requires users to log in normally and then confirm their identity via text or phone.
  • Stay current. Implement hardware and software updates on a timely basis and stop using programs that are no longer updated and supported by their makers.

No Excuse
There are plenty of affordable (if not free) cybersecurity tools available to non-profits. So, there’s no excuse for you to simply hope your organization won’t be hacked. Contact us for more information about protecting your assets.

Related Articles

Talk with the pros

Our CPAs and advisors are a great resource if you’re ready to learn even more.