Organisations’ exposure and implications
Access to organisations’ confidential information
A data breach happens when an attacker gains illegal access to an organisation’s network through malicious activity, employee negligence, or third-party attacks. Data from millions of individuals was stolen in the well-publicised Blackbaud hack, affecting a number of charities. Such information can easily be sold on online criminal forums to enable fraudulent activity using these details. The effects of a breach can still have significant ramifications in both trust and reputation which are incalculable.
Cyber attackers target not-for-profit organisations to bring down their systems and compromise their mission for a number of reasons, even due to ideological differences with other sectors of society. Employee negligence and other cyber security lapses can lead to malware infecting the network and shutting down essential systems. Downtime of any sort can hinder critical work done by affected organisations.
Ransomware and extortion
The outward facing nature of the non-profit sector and daily liaising with a trove of sensitive information presents not-for-profit organisations as an attractive target to cybercriminals looking to steal or deny access to data until a ransom is paid. Such organisations often prefer to pay the ransom to avoid damaging downtime or the threat of date release. Non-profit organisations involved in the protection of vulnerable individuals or holding sensitive medical data could be particularly susceptible to this form of cybercrime.
The legal implications and reputational damage
Failure to adequately protect members’ and partners’ confidential information in case of a data breach can cause reputational damage, loss of donors and precious funds, and also lead to substantial GDPR fines and penalties that can adversely affect the organisations and those depending on their services.
There is a variety of different threats the not-for-profit industry could be impacted by, but the most common include:
Malicious emails designed to look like genuine emails which encourage employees to click – infecting their computers or stealing passwords in the process.
Code which infects computer systems, corrupting or deleting data.
An individual or group attempting to gain access to company systems with the intent to steal or destroy data.
A malicious programme which locks access to company files and data until a ransom payment is made, after which time access may be restored.
Have any questions? please don’t hesitate to contact one of our team
Stuart Belbin – Stuart.firstname.lastname@example.org | Office: 01245 449067