Consider this scenario: A nonprofit organization known for its ability to deliver lifesaving resources mobilizes in response to a natural disaster, but supplies do not arrive as scheduled. Attempts to remedy the situation are thwarted because the organization’s IT systems are inaccessible due to a ransomware attack. What should have been a straightforward solution is suddenly a quagmire that wastes money, costs lives, and tarnishes the organization’s reputation.

Cybersecurity is rarely a priority for those who make generous contributions to charities. Yet cybersecurity is not a nice-to-have feature but an essential risk-reduction effort that protects the donors’ investment in the organization they support, improves its resilience against malicious activity, protects its employees and those they serve, and helps ensure its viability in the face of growing threats.

The scourge of ransomware illustrates the importance of ensuring that nonprofits have adequate cybersecurity resources. For example, ransomware attacks against hospitals are commonplace, putting patients at risk, sometimes gravely so. Other nonprofit organizations are not immune from such attacks, and neither are companies that support nonprofits.

Ransomware attacks against nonprofits may seem like an oxymoron, given that they are arguably the least likely to be able to pay exorbitant ransoms. That actually does not matter much. If financial rewards are not immediate — or sufficient — ransomware can quickly become exposé-ware, as sensitive data about the organization and its donors are posted online for all to see.

Moreover, ransomware is just one of numerous ways in which malicious actors can exploit weaknesses in both technology used by nonprofits and the people who work for them. Business Email Compromise — a forged email that leads to the unauthorized disbursement of funds — was responsible for $1.8 billion in losses last year alone.

Read the full article about funding cybersecurity by Michael Tanji at PhilanTopic.