Join CTO and Nonprofit Cybersecurity expert Matthew Eshleman as he walks through the second annual Community IT Nonprofit Cybersecurity Incident Report.
This report looks at the different types of attacks that occur at small and mid-sized nonprofit organizations. Is your nonprofit prepared?
Matt shares advice on security improvements that provide protection against the most common attacks. Learn the role of leadership in placing a value on cybersecurity preparedness for your nonprofit and the long-term planning that should accompany your immediate assessment of your security risk.
Learn about real cyberattacks on nonprofit organizations and how they responded to these attempted hacks. Matt will give you the tools you need to protect your organization and staff from cybercrimes.
Many of these tips you can put in place quickly and train your staff on immediately.
Some resources from the webinar:
Report Download: https://communityit.com/2020-nonprofit-cybersecurity-report-download/
Microsoft Nonprofit Cybersecurity Guidelines: https://download.microsoft.com/download/1/D/4/1D494A7D-D153-40FC-BC18-F4C2F800E752/Nonprofit_Guidelines_for_Cybersecurity_and_Privacy.pdf
Remote Work: https://communityit.com/remote-work-tips-and-resources/
TechSoup Courses: https://techsoup.course.tc/ Our 101/201 courses are now FREE in the remote work bundle. We’ll have a dedicated course on Cyber Liability in the next month or so.
Zoom Overview: https://communityit.com/nonprofit-cybersecurity-tips-zoom/
Zoom geek out: https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Schedule an initial conversation or sign up for a free Darkweb scan: https://meetings.hubspot.com/meshleman
6. CYBERSECURITY LANDSCAPE
Persistent and ongoing brute force attacks on identities
Sophisticated spear phishing
Organizations targeted because of the work they do
Attacks targeting vendors
7. CYBERSECURITY LANDSCAPE
New security tools available to combat new threat types.
Organizations more proactive about asking where to start improving their cybersecurity.
60% of Nonprofits don’t know how their org handles cybersecurity risk.
Breach response for a small to medium business is $149,000
9. Secure Video Conferencing
Orgs already have secure tools available to them
• Microsoft Teams
• Google Meet
Orgs with significant Privacy and Security concerns
• Wire
• Signal
• Jitsi
Using Zoom?
• Update your client
• Follow good meeting security practices
10. OUR APPROACH TO CYBERSECURITY
PREDICTIVE INTELLIGENCE
IDENTITY
DATA
DEVICES
PERIMETER
WEB
SECURITY AWARENESS
SECURITY POLICY
12. Incident
An event that compromises the integrity, confidentiality or availability of an information asset.
13. Breach
An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.
14. Types of incidents
• Spam: unwanted or inappropriate email that is sent to a large number of recipients
• Malware: any type of malicious software, usually reported by the end user as a slow computer or strange pop-ups
• Account Compromise: unauthorized use of a digital identity by someone other than the assigned user
15. Types of incidents
• Business Email Compromise: scam using traditional confidence scheme techniques combined with email impersonation to extract funds through illicit means
• Wire Fraud: any fraudulent or deceitful scheme to steal money by using phone lines or communications through electronic means
• Virus: a malicious piece of software that can alter the way a computer works, typically spreading from one computer to another, often rendering the computer and/or data unusable
16. Types of incidents
• Supply Chain: an attack that is initiated through a partner of the organization. Also known as a value-chain or third-party attack.
• Advanced Persistent Threat: State-Sponsored actor or criminal group focused on targeting a specific organization or individual, operating over a long period of time with a goal of remaining undetected and exfiltrating data.
• Ransomware: a type of virus that has the characteristic of encrypting files and then demanding payment for decrypting the files.
17. 06 CYBERSECURITY INCIDENTS
INCIDENT TYPE                 COUNT OF INCIDENTS   COUNT OF SAMPLE   % OF SAMPLE EXPERIENCE INCIDENT
Spam                          378                  51                71%
Malware                       50                   31                43%
Account Compromise            15                   12                17%
Business Email Compromise     59                   35                35%
Wire fraud                    3                    3                 4%
Virus                         3                    3                 4%
Advanced Persistent Threat    1                    1                 1%
Supply Chain                  0                    0                 0%
Ransomware                    0                    0                 0%
Grand Total                   509                  72
19. Trends
Cybersecurity incidents on the rise
Spam continues to be a problem
Business Email Compromise biggest headache
Account compromise is still at a high level
20. Sector Differences
• Spam and Business Email Compromise attacks affect all organizations
• Policy/Think Tank Organizations targeted by Advanced Persistent Threats
• Social service organizations more susceptible to Business Email Compromise
21. SECURE YOUR NETWORK
01 IMPLEMENT MULTI-FACTOR AUTHENTICATION
Protects against: account compromise
02 Protect your Staff from Business Email Compromise
Protects against: account compromise and wire fraud
03 IMPLEMENT A SECURITY AWARENESS TRAINING
Protects against: email phishing, account compromise, business email compromise and wire fraud.
23. Let’s Talk:
Email: cybersecurity@communityIT.com for a complimentary DarkWeb Scan to see what accounts are already compromised.
Meet: Book some time with me https://meetings.hubspot.com/meshleman