Cryptolocker, WannaCry, Petya: there seems to be a new cyber attack each week. These scams are plaguing the nonprofit community and costing organizations thousands. The good news is that there is plenty you can do to ensure your organization does not fall victim to scams and attacks. Below are the 4 most common types of cyber attacks and how your nonprofit can defend against them.
Cyber attack No. 1: Malware
An end-user is somehow tricked into running a Trojan horse program, often from a website they trust and visit often. The otherwise innocent website is temporarily compromised to deliver malware instead of the normal website coding.
The compromised website tells the user to install some new piece of software in order to access the website, run fake antivirus software, or run some other “critical” piece of software that is unnecessary and malicious. The user is often instructed to click past any security warnings emanating from their browser or operating system and to disable any pesky defenses that might get in the way.
How to Prevent: Socially engineered malware programs are best handled through ongoing end-user education that covers today's threats (such as trusted websites prompting users to run surprise software). Nonprofits can further protect themselves by not allowing users to surf the web or answer email using elevated credentials. An up-to-date anti-malware program is a necessary evil, but strong end-user education provides better bang for the buck.
Cyber attack No. 2: Password Phishing Attacks
How to Prevent: The best way to protect against phishing attacks is to use two-factor authentication codes. If you can enable something other than simple logon name/password combinations for your logons, and require only the stronger methods, then you’ve beaten the password-phishing game.
If you’re stuck with simple logon name/password combinations for one or more systems, make sure you use accurate-as-can-be anti-phishing products or services, and decrease the risk through better end-user education.
Cyber attack No. 3: Unpatched software
The most common unpatched and exploited programs are browser add-in programs like Adobe Reader and other programs people often use to make surfing the web easier.
How to Prevent: Ask your IT professional or contact us and make sure your patching is perfect. If you can't, make sure it's perfect around the most exploited products, whatever they happen to be in a given time period.
Cyber attack No. 4: Social media threats
Social media threats usually arrive as a rogue friend or application install request. If you’re unlucky enough to accept the request, you’re often giving up way more access to your social media account than you bargained for. Corporate hackers love exploiting corporate social media accounts for the embarrassment factor and to glean passwords that might be shared between the social media site and the corporate network. Many of today’s worst hacks started out as simple social media hacking. Don’t underestimate the potential.
How to Prevent: End-user education about social media threats is a must. Also make sure that your users know not to share their passwords with any other foreign website. Here’s where using more sophisticated two-factor authentication logins can also help. Lastly, make sure all social media users know how to report a hijacked social media account, on their own behalf or someone else’s. Sometimes it is their friends who notice something is amiss first.
Our Director of Consulting Services, Sam Chenkin, has created a recorded webinar specifically on IT security for nonprofits. In it he walks you through affordable and effective solutions, including user training, Azure Active Directory, two-factor authentication, single sign-on and enterprise security.