Cybersecurity for Nonprofits
Cybersecurity presents real risks to a nonprofit organization’s ability to carry out its mission and serve its clients. There are myriad ways for attackers to maliciously gain access to a nonprofit’s information, and protecting against and anticipating cyberattacks is a never-ending process.
However, TEKYHOST can help nonprofits to implement cybersecurity measures to protect there infrastructure from any cyberattacks.
Threats designed to disrupt operations or compromise data
Advanced Persistent Threat – A sustained, embedded attack that strives to remain undetected, enabling surveillance, service disruptions, and data theft over a long period of time.5 Attackers can surreptitiously collect sensitive data the organization stores or shares over its network, and can disrupt network services.
Denial of Service – An attack that prevents or impairs the authorized use of information system resources or services. Individuals trying to access the site will instead be met with “403: Access Denied” or “You don’t have permission to access” messages.
Man-in-the-Middle – Occurs when a hacker itself between the communications of a client and server. For example, a hacker could insert itself in-between a Wi-Fi hotspot and an individual’s computer whatever information an individual then sends over the wi-fi network, the hacker is able to see and collect.
Data Extraction Attack – Occurs when a bad actor executes a SQL query to the database via the input data from the client to server. If successful, the attacker can read all information stored in the organization’s database, modify the information in any way, and even complete delete the database.
Just as organizations may hire security to periodically check that their buildings and people are safe, organizations must realize that implementing good cybersecurity practices is an ongoing effort. Cybersecurity trainings should be administered at least annually, and encryption settings confirmed and updated.
TEKYHOST Implementation of Cybersecurity Plan
Once organizations understand what cybersecurity is and recognize that it is a threat to their operations, the next step is to assess what cyber risks the organization has. By conducting risk assessments and implementing appropriate protections, organizations can decrease the likelihood of a cybersecurity attack.
Although many risk assessment guidelines exist, standards based on the National Institute of Standards and Technology (NIST) guidelines are generally considered the best. TEKYHOST uses this guidelines to help our clients to implement Cybersecurity controls. The NIST Cybersecurity Framework includes five functions: