According to research by Infoxchange, poor cyber security procedures in Australia’s not-for-profit sector are endangering the data of its donors and communities.
One of the largest employers and sources of income in Australia is the not-for-profit industry. In Australia, the not-for-profit industry employs 1.4 million people, and an additional 3.2 million people volunteer. The industry brings in $190 billion annually, all of which is directly used to fund important causes around the nation.
Regrettably, new research from Infoxchange indicates that the sector is ill-prepared to manage the security demands of contemporary IT environments, which not only puts nearly five million people in danger but also makes it more difficult for the NFP sector to deal with Australia’s most urgent social justice and humanitarian issues.
Infoxchange’s NFP cybersecurity insights
Based on a survey of over 1,000 organisations in the sector, Infoxchange’s Digital Technology in the Not-For-Profit Sector provides a thorough analysis of the prevalent technological trends that affect charities and nonprofits.
According to Manish Chaudhari, CISO of Cybernetic Global Intelligence, an internationally recognised provider of cybersecurity support services, in the previous year, one out of every eight organisations surveyed reported having a cyber security incident.
Of those that had information security procedures in place that allowed volunteers and employees to protect the organisation’s data, only 23% were effective.
Merely 39% of internet-facing systems containing sensitive data had multi-factor authentication implemented, and only 13% had a documented plan to strengthen cyber security protection.
Just one in five NFPs had a cyber security policy in place, and only 12% of them regularly conducted training on cyber security awareness.
These NFPs are aware of how critical digital modernisation is. A further 45% of respondents to the survey stated that they had already shifted the “majority” of their IT to the cloud. NFPs are also very interested in how technology can improve their communications; in fact, 38% of them stated that their top priority going forward was to improve their website. Meanwhile, 32% stated that their primary technology objective was to increase the use of digital marketing.
According to David Crosbie and Tim Costello, AO, from the Community Council for Australia, “Despite this massive footprint in our economy and in our lives, charities and not-for-profits have not been provided with the support they need to deal with an increasingly sophisticated level of cyber attacks.”
They also stated, “Unlike businesses, charities spend every spare dollar they can find on serving their communities. Allocating more resources to strengthen cyber security would mean reducing the level of services available in our communities. Many charities and NFPs struggle to withdraw services, even though cyber security is clearly an important priority.”
Effects of inadequate security
Reports surfaced in August that up to 70 NFPs, including well-known charities like Canteen, Cancer Council, and Fred Hollows Foundation, had their donor data compromised and leaked on the dark web.
This was caused by the NFPs collaborating with the wrong company, in this latest incident Pareto Phone, which they used for telemarketing services, but it also demonstrates how little many charities know or care about security.
Businesses must make sure that their third-party partners handle customer data responsibly.
Separately, in 2022, hackers directly targeted The Smith Family, a significant Australian charity, stealing sensitive information belonging to about 80,000 donors, including credit card numbers and personal details.
What Needs to be Done?
It is improbable that NFPs will experience an abrupt increase in funding to strengthen their security posture. However, cyber security auditors employed by nonprofit organisations should take a “back-to-basics” approach to IT security and ensure that these best practices are being followed, at the very least, by their organisations.
Train and educate personnel
In cyber security, users are frequently the first line of defence. Regular training sessions are necessary for IT professionals to teach staff members about the most recent cyberthreats and how to identify them. This covers ransomware, malware, and phishing scams.
Use Robust Passwords
One area in which NFPs have a strong awareness is the importance of using strong passwords and password management strategies that incorporate two-factor and multi-factor authentication. IT professionals ought to focus on implementing the strongest zero-trust policies they can, particularly for NFPs that primarily run on the cloud.
Update and Patch Systems Frequently
Hackers may be able to take advantage of vulnerabilities in out-of-date software, as cyberthreats are always changing. Maintaining the security of all systems requires regular patching and updates.
Regularly Update Security Software
Make use of dependable security software that provides ongoing defence against malware and other online threats. Many contemporary security software packages come with artificial intelligence features, which are essential to use in situations where human resources are limited.
Regular Data Backups
Keeping regular backups of your data is crucial for recovering from cyberattacks. To make sure they can be restored in an emergency, backups should be created and tested frequently. In order to guard against loss or theft, backups should be stored safely, either off-site or in the cloud. Security teams should search for backups with an “air gap” as a defence against ransomware, as this stops the malware from accessing the backup data.