Strengthening cyber defenses for nonprofits

a woman works on her phone and laptop

We’ve seen an incredible number of crises arise and persist over the past year – ranging from the global to the deeply personal. Nonprofit organizations have been a lifeline to some of our most vulnerable communities, engaging with complex needs and working to make a difference.

But nonprofits themselves are increasingly at risk due to a worldwide rise in cybercrime. While this impacts all sectors and organizations, nonprofits are often perceived as vulnerable because they may not have adequate resources to safeguard the data they need to operate – impacting everyone from donors to program participants to volunteers.

In response, Microsoft is launching the Security Program for Nonprofits – a set of security offerings, built to complement Microsoft’s security suite, to provide proactive monitoring and notification in the case of a nation-state attack, assess organizational and infrastructure risk to help organizations enhance their security posture based on their environment, and streamline security training for IT professionals and end-users. Our objective is to support 10,000 organizations in the first year, with a three-year goal of providing these services to 50,000 organizations worldwide. This includes:

AccountGuard for Nonprofits: The AccountGuard program notifies organizations when their Microsoft 365 organizational accounts, or the Outlook and Hotmail personal accounts of staff and board members are targeted or compromised by sophisticated nation-state actors. The program has now expanded to 32 countries, and more than 1,500 threat notifications have been issued. We are now offering AccountGuard to all eligible nonprofits at no additional cost. Eligible organizations can learn more and get started by claiming the offering in their nonprofit hub.

Free security assessments: We are offering free security assessments to nonprofit organizations to help them better understand the vulnerabilities in their existing endpoints, identity access, infrastructure, network and data with the objective of supporting and prioritizing an immediate action and remediation plan to better protect their environment from any imminent risk with support from our partner ecosystem. To sign up for an assessment, talk to your account team or sign up here.

Free training pathways for IT administrators and end-users: We’ve cultivated training pathways to streamline the top recommended trainings for nonprofits, regardless of role. Employees from any background now can learn the latest strategies to protect themselves from online scams and attacks, and work from home more securely. IT administrators have access to the Security Skilling Hub and Microsoft 365 Administrator’s Security Toolkit, all available through the Security Program for Nonprofits page.

Microsoft’s 2021 Digital Defense Report confirms that in the past year, cybercrime has grown in scale and sophistication, leveraging crises to take advantage of at-risk targets. The report highlights that, in the past year, NGOs and think tanks were the second most targeted sector by cybercriminals, accounting for 31% of all notifications of nation-state attacks against organizational domains as detected by Microsoft. These organizations are attractive targets for nation-state actors because they often store sensitive data. Additionally, according to the 2021 Cybersecurity Guide for Nonprofit Organizations, although cybercriminals attempt to access government and nonprofit databases every 39 seconds, up to 70% of charity networks lack a comprehensive vulnerability assessment to determine risk.

Two men work on a laptop
Photograph: Catholic Relief Services

Organizations like Catholic Relief Services understand the risk and cost of cyber intrusions from first-hand experience. The international humanitarian nonprofit provides aid to 130 million people in more than 110 countries, assisting in relief efforts in Haiti and those affected by Tropical Storm Elsa, and vaccine rollouts.

In 2017, Catholic Relief Services learned it was vulnerable to a cyberattack after an incident in Central Africa that left personal, economic and geographic information exposed. Then, earlier this year, nonprofits worldwide were hit by the Nobelium email-based attack. While Catholic Relief Services was not directly targeted, Joel Urbanowicz, Director of Digital Workplace Services for the organization, characterized both incidents as wake-up calls that prompted them to further invest in cybersecurity and work with Microsoft on a unified, pre-integrated solution. They have made significant strides to improve their security posture across the board, including multi-factor identification, cloud app security and other safeguards now in place. But Urbanowicz acknowledges the issue is constantly evolving – and it’s challenging for any nonprofit to tackle, especially with finite resources.

Catholic Relief Services welcomes the new cybersecurity offerings. “It is important for us to understand where we possibly could do better,” says Urbanowicz. “Yes, it’s daunting and there is a lot to do when addressing cybersecurity, but it’s necessary. The best way to approach this is to start with one thing, get good at it and then move on to the next.”

It’s up to all of us to support nonprofits as they work on the front lines of need around the world. Volunteers, partners, donors and employees continue to accomplish great things in the face of great need.

We continue to stand with nonprofits so they can focus on accomplishing their missions without compromising organizational security.

For more information:

Tags: , , , , ,