In May this year Blackbaud, a cloud software provider whose target market is the social good community (not-for-profits, education and healthcare providers), fell victim to a large cyberattack. To make matters worse, only last week it was revealed that customer bank account information, social security numbers, usernames and passwords were likely to have been compromised (spoiler alert: they paid the ransom).
This is obviously deeply concerning for not-for-profits, given our dependence on cloud-based applications.
Anglicare in Sydney, one of Australia’s largest not-for-profits, fell victim to a ransomware attack in late September, with 17 GB of data (!) exported to an outside server following the malicious attack.
Anglicare reacted quickly to the issue. They were clearly prepared and have a security expert on their team, but it certainly seems like there is more of this to come.
What can charities do?
CPO Magazine advocates a tightening of all data security basics. Clearly, as demonstrated by the examples above, no one is immune. A focus on the basics of security protocols, and not having “privileged” accounts with access rights to everything in your organisation, are both important. CPO also doesn’t recommend paying a ransom in these cases.
It’s also important to acknowledge the human factor: the people who work with you. They are the weakest link in any cyberattack. Communication with and training of employees is crucial, so that everyone naturally applies the “clean desk” approach, can spot a dodgy email, and knows who to talk to when something does look phishy.
ProBono also picked up on the story and had some excellent advice around how to avoid problems in the future. You can find it here – it’s well worth a read.