Cyber Security Risks Simplified
For many of us the term “cybercrime” conjures up an image of a movie where there is a large room filled with giant screens and hackers are typing away furiously to stop an attack that could end the world. Much closer to home, a number of NPOs have fallen victim to a cybercrime in the past year which resulted in a loss of income, and KuTh Consultants were called on recently to assist a national NPO to put systems in place after they had been hacked. This article aims to share some useful information to help prevent this happening to more NPOs.
Although everyone thinks it won’t happen to them, or that they aren’t so stupid as to become a victim, some basic knowledge can go a long way in protecting organisations and their employees. So, very briefly, there are three risks associated with a cyber-attack. The primary risk is the loss of a donation, or part of a donation. This is followed by secondary risks, which would include the time-cost of attempting to retrieve the lost funding, if it is even retrievable at all. Finally, there is the tertiary risk: compromised donor database information, and compromised channels of communication to and from donors. To add to this, these tertiary risks can unfortunately lead to even further financial risk exposure.
So, how does this happen? All our IT structures and networks have three areas of vulnerability: our physical network elements (servers, routers, unsecured cabling etc.), our mail structures (mail server and platform, backups, security certificates and so on) and our website and hosting (internal or external host, security layers, authentications, and inbound and outbound packet rules are some examples). There are two general types of risk: random attacks and targeted attacks. These attacks come in many different formats: scams, malicious bots, phishing, hacked accounts, ransomware, and malware are just a few of the many options for fraudsters.
Entire networks and IT structures are at risk if organisations do not have cyber security strategies and policies in place, and their systems can be compromised in an instant. A random or targeted phishing mail can convince an employee to yield a tiny piece of information that can unlock an entire network and most of us aren’t even aware we have done it!
Phishing is the most effective method used by criminals to introduce malware, and in the NPO sector spear phishing in particular is the biggest source of cybercrime. E-mails are designed to appear legitimate and look authentic to the target. They are made to look like they originate from someone the recipient knows and trusts, such as senior management or a valued donor. Once the crime is committed there is not much that can be done to recover lost funding, as the criminals leave very little or no trail behind.
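As an added illustration (not part of the article, and not KuTh Consultants' tooling), the following script screens a raw e-mail for the spear-phishing pattern just described: a trusted name on an outside address, a diverted Reply-To, a look-alike domain, or payment-change wording. The organisation domain, staff directory and the two sample messages are all constructed assumptions.

```python
# Heuristic screen for impersonation-style spear phishing (added example).
# Assumed: an organisation domain and a small internal staff directory.
from email import message_from_string
from email.utils import parseaddr
from typing import List

ORG_DOMAIN = "example-npo.org"                       # assumed organisation domain
STAFF = {"Jane Director": "jane@example-npo.org"}    # assumed internal directory
PAYMENT_WORDS = ("bank details", "urgent", "wire transfer", "change the account")


def assess(raw_message: str) -> List[str]:
    """Return a list of warnings for one raw RFC 5322 message (empty = no flags)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    warnings = []
    # A known staff name on an address other than theirs suggests impersonation.
    if name in STAFF and addr.lower() != STAFF[name]:
        warnings.append(f"display name '{name}' used with address {addr}")
    # A Reply-To that differs from From quietly diverts the conversation.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.lower() != addr.lower():
        warnings.append(f"Reply-To {reply} differs from From {addr}")
    # Domains that merely resemble ours (extra characters, different TLD).
    if domain and domain != ORG_DOMAIN and ORG_DOMAIN.split(".")[0] in domain:
        warnings.append(f"look-alike domain {domain}")
    # Donation-diversion fraud usually pushes an urgent change of payment details.
    body = str(msg.get_payload()).lower()
    hits = [w for w in PAYMENT_WORDS if w in body]
    if hits:
        warnings.append(f"payment-change wording: {', '.join(hits)}")
    return warnings


# Constructed sample messages for demonstration only.
SPOOFED = """From: Jane Director <jane@example-npo-org.com>
Reply-To: finance-desk@outlook.example
Subject: Donor payment
Content-Type: text/plain

Please change the bank details for the incoming donation today.
"""

LEGIT = """From: Jane Director <jane@example-npo.org>
Subject: Board minutes
Content-Type: text/plain

Minutes attached for review.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, assess(raw))
```

Such checks are a supplement to, not a replacement for, the mail verification and threat monitoring the article asks of a security package.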
Unlike the movies, we aren’t going to have a team of computer experts coming in to save the day, so the best option is to rather prevent incidents that present a cyber security risk. There are a number of off-the-shelf packages that provide a single point security system that minimises common security risks. When selecting the best package for your organisation, make sure it offers a consolidated cybersecurity layer across the three main areas of vulnerability.
What you need to look for with each area is:
- Physical network elements – make sure it covers your servers, machines, network points and transmission channels.
- Mail structures – here it needs to protect your mail server and mail platform, offer backups and verification of mails, and monitor and assess threats.
- Website and hosting – check to see that it provides coverage for authentications and security, internal and external access hierarchies, as well as packet rules, layers and protocols.
In the rapidly evolving field of IT, there will always be risks, and unfortunately NPOs are seen as soft targets. It is our responsibility to be vigilant and make sure we protect our organisations from cyber threats, so that we can focus on what we do best: making the world a better place.