We haven’t heard of any associations falling prey to WannaCry—yet. But nonprofit organizations are not immune to ransomware, phishing, and other cybersecurity threats. We firmly believe that CEOs and CIOs need to take these threats seriously—now. Here’s a roundup of what you need to know, and do, about WannaCry and related threats.
First, a primer on some of the threats you need to watch out for:
- Phishing—An attacker, usually through email, uses a compromised account to try to get you to give up personal data such as passwords or banking information.
- Spear-Phishing—A subset of phishing in which the email appears to come from a known sender (like a colleague) and is targeted at a particular person in order to steal financial or membership data belonging to an organization. Criminals most probably get the names and emails from publicly available information such as websites.
- Browser Hijacking—These attacks come through an infected website or an advertisement on an otherwise legitimate website. When the browser gets hijacked, an alert appears, sometimes with audio, stating that the computer has been infected and urging you to call a tech support number at once. This alert cannot be closed easily. The tech support number is bogus, and if you do call, the "technician" on the other end will either try to get you to pay to have the "infection" cleaned or install an application that steals personal information. The "infection" is usually very benign and can be resolved by resetting the browser.
To familiarize yourself with the broader array of threats—we count 17 types—download our Cybersecurity Watchlist for Association & Nonprofit Executives.
Required reading for association and nonprofit executives in the aftermath of the global WannaCry ransomware threat
All about WannaCry
Learn what WannaCry is and why you should care in WannaCry Ransomware Spreads Across the Globe, Makes Organizations Wanna Cry About Microsoft Vulnerability.
Some think the global impact, particularly on vital systems like Britain’s National Health Service, is a call to arms against ransomware threats. Computerworld UK forthrightly asks, Will the WannaCry ransomware serve as a meaningful infosec wake-up call?
The Red Barn, an equine therapy center, lost its website when its shared web server was hacked. Information on 10,000 supporters of the Utah Food Bank was compromised in another website incident. Read more about the realities of website security in Hacked! Crooks are Grabbing Nonprofit Website and Demanding Ransom.
Cybersecurity training is your best defense
DelCor Network Systems & Support Consultant Jason Riggs notes, “Some of these threats rely on human fallibility to successfully infect or gain access to data. This broader threat can only be challenged by education and user vigilance.” In fact, Harvard Business Review says The Best Cybersecurity Investment You Can Make Is Better Training.
CEOs and cybersecurity
Finally, what can you—the CEO or executive director of your organization—do to prevent cybercrime from happening to you? How much should you care? Or should you leave it up to the IT pros? The reality is, the buck stops somewhere—typically at the top. Read Why CEOs Need to Lead on Cybersecurity.