Who You Gonna Call? Nonprofit Addresses Nonprofit Cybersecurity

Padlock / Source: eek the cat

August 9th, 2017; Tech Republic

What would you do if your nonprofit had over 500 W2 tax forms stolen electronically and put up for sale on the dark web?

This nightmare happened to one unnamed nonprofit, and their solution was to contact the National Cybersecurity Center, a nonprofit founded in 2016 by Colorado Governor John Hickenlooper. The NCC’s mission is to provide collaborative cybersecurity services and training. Their goals are to provide education, training, and response services. According to CEO Ed Rios, almost 90 percent of the attacks reported to the center have been mitigated.

What happened to those W2s? The NCC determined that the records were obtained via an email scam. To help with prevention, the NCC offered training to the nonprofit on identifying and avoiding such attacks in the future.

Rios stated that approximately 75 percent of attacks result from user error. Commonly known as PICNIC: Problem In Chair, Not In Computer, this term is popular with IT help desk employees to describe the non-IT workforce’s propensity to click first and ask questions later.

There are three pillars of the NCC’s work:

  1. The Rapid Response Center is a dedicated facility with experts, vendors, and partners to serve as a trusted resource during a time of security breaches. Their plan is to be the “one-stop shop” when immediate assistance is needed to solve an attack. The RRC is reached via 877-90-CYBER. Currently only available during business hours, the plan is to offer 24/7 assistance in the future.
  2. The Cyber Institute takes a think-tank approach to exploring emerging tactics and trends, encryption, and protocols available to better protect our electronic assets. Examples include cyber law, cyber budgeting, cyber communications, and other activities that a small or medium nonprofit or business needs to understand, both now and as technology evolves.
  3. The Cyber Research, Education and Training Center partners with K-12 and higher education to drive research and development and to provide cyber workforce preparation and education.

Statistics reveal that a single breach can cost up to $9 million for complete resolution, says Rios. Referring to the management level, he said, “50 percent don’t really know enough to even have a discussion.”

Regarding the cybersecurity workforce shortages, Rios further explained that cybersecurity skills can often be taught at the “tactical level” as opposed to the formal education perspective with degrees in computer science. As nonprofits face an increase in cybersecurity and other online threats, it behooves them to be aware of the dangers and the resources available to mitigate them.—Jeanne Allen