Nonprofit owners and managers must be as vigilant about protecting digital assets as the world’s most renowned tech companies. Financial institutions and health organizations have some of the highest concentrations of personally identifying information, but nonprofits are unsuspecting stores of Social Security numbers, banking information, and more. Insider threats are becoming more prevalent in the . How can nonprofits that require copious outside assistance keep data safe? digital threat landscape Unpacking Insider Threats The term “insider threats” is complex, primarily when nonprofit organizations have so many moving parts. Over threatened from the inside, meaning it should be a top priority for nonprofits whose mission is to improve the world. 90% of businesses feel They have permanent staff alongside a constantly rotating door of volunteers, sponsors, and business partners. Any one of these contributors may be an insider threat and compromise data with their access. Examples of inside threats include: Using fraudulent payment processing and accounting Working with threat actors to create vulnerabilities for cyberattacks Stealing donor or stakeholder information Selling data illegally to third parties Mismanaging fundraising funds with harmful intent Nonprofits to fraudulent activities like these. However, not all insider threats relate to digital resources, though they are some of the most common nowadays. Other insider threats include social engineering or manipulation of inside parties working for criminal outfits. These people can influence marketing, investing, and collaboration decisions for nonprofits. lose over 5% of revenue Nonprofits lose donor loyalty by ignoring the importance of protecting against insider threats. It has consequences on reputation and income. Most importantly, it impacts the charity’s mission when staff and supporters lose morale from compromised momentum. These strategies protect organizations on all sides from insider breaches. 1. Strict Volunteer Vetting Nonprofits rely on the kindness of volunteers to execute projects. Unfortunately, interest does not always signify good intentions. A desperate need for staff leads to people from every background having internal insights into the nonprofit. Most volunteers will work with honest intentions, but insider threats are too prevalent to provide blanket optimism. Vetting volunteers eliminates concerns because management can perform safety measures to ensure high-quality helpers. Nonprofits may interview, perform background checks, and review references to determine character quality. It provides because they have a strong sense of authenticity and trust. camaraderie between all volunteers 2. Limiting Permissions A case study of 20 nonprofit organizations revealed teams are too trusting. Around an overabundance of trust is the reason behind insider threats. Giving too many parties information and inadequate oversight are problems with simple remedies. Nonprofits must analyze this fact if they have yet to undergo digital transformation. 43% of participants stated Paper resources are more accessible for insider threats to tamper with or steal, and limiting who has access to business-critical information reduces the likelihood of theft. It also minimizes risk response because nonprofit managers will spend less time discovering the person or people behind the breach if only a small group of staff and volunteers have keys or passwords. 3. Developing Business Continuity Do nonprofit owners and managers have consistent documentation and plans that are easily accessible in case of an insider threat? Business continuity documents should be accessible to anyone detecting the insider threat. The plan must contain action steps for in a clear enough format that anyone can carry out the phases independently and notify relevant management. Here are some suggestions for what to include in a continuity plan in case of an insider threat: managing and reporting the threat Phone numbers and links for police Who to notify in information technology in the event of a digital breach Who to tell in management to contain the threat Shutdown actions, such as deactivating Wi-Fi, locking doors, or freezing company financial assets Executing digital backup recovery measures What evidence to gather Nonprofits are responsible for practicing and fine-tuning the continuity plans as new insider threats become more severe. Oversight must stay in touch with current events and trends in the sector to know what to protect against. Action must be proactive instead of reactive to have the most significant effectiveness. The plan must receive scheduled attention annually for reevaluation with advice from a fraud professional. The document should be thorough yet efficient because the last obstacle a nonprofit needs during a crisis is a too-laborious procedure for isolating the threat. 4. Establishing Culture Every previously mentioned action culminates into a nonprofit culture that opposes insider threats. The more a group works to establish that precedent, the more it reduces a threat actor’s willingness to work toward a breach. Creating safeguards and being transparent to donors and staff increases awareness of what the nonprofit is doing to protect its resources and people. Why would threat actors be motivated to target an organization with more robust security than another? Another way to establish a is to view protective measures as positive instead of preventive. For example, nonprofit organizations giving tours to new volunteers can point out their state-of-the-art security cameras and note which locations and documents are off-limits. Doing so outlines they do this out of safety for their staff, donors, and mission instead of out of fear or susceptibility to insider threats. positive culture that fights insider threats The more aware everyone is of these anti-insider threat details, the more likely workers are to report suspicious activity or challenge questionable language or actions from other stakeholders. Minimizing complacency and empowering staff members with confidence and agency increases the likelihood they expose insider threats. Even if they do not turn out to be legitimate, it diversifies a person’s view on what a threat could look like and how nonprofit managers can reduce false positives in the future. Guarding Against Insider Threats in Nonprofits Social good projects will only increase in influence as time goes on. More people will donate their time and money to causes to improve the world. However, this puts any relinquished data in a potential threat actor’s hands. Nonprofits are a great place for cybercriminals to gather data. Charities can set precedents that the sector is well-protected by using these strategies to deter malicious activity.

The is an opinion piece based on the author’s POV and does not necessarily reflect the views of HackerNoon.

What Are the Legal Implications of Paying Ransomware Demands?

Are Fire Departments Prepared for a Cyberattack?

Portfolio

Nominated for 2022 - HackerNoon Contributor of the Year - Data Security

Digital Asset Protection: The Risk of Insider Threats for Nonprofits And What Can Be Done

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

10 Common Scams Targeting Healthcare Workers

The Noonification: Use This 7-Step McKinsey Framework to Solve Any Problem (1/10/2023)

$500k Presale: TG.Casino Passes Milestone with Upcoming Telegram-Powered Platform

The Noonification: Have U Been Pwned? (1/12/2023)

0xMahjong NFT to Begin Free Minting - Mahjong Meta Game Expects Over $10 Million In Funding

105 Stories To Learn About Outsourcing

10 Common Scams Targeting Healthcare Workers

The Noonification: Use This 7-Step McKinsey Framework to Solve Any Problem (1/10/2023)

$500k Presale: TG.Casino Passes Milestone with Upcoming Telegram-Powered Platform

The Noonification: Have U Been Pwned? (1/12/2023)

0xMahjong NFT to Begin Free Minting - Mahjong Meta Game Expects Over $10 Million In Funding

105 Stories To Learn About Outsourcing

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps