This means embracing frequent backups in multiple settings, including in the cloud and in physical form. One approach is the 3-2-1 rule, which calls for three recent backups in two separate formats, with one backup offsite. These backups can help mitigate the impact of a potential attack.
Existing policies around sharing and storing donor data should also be considered. This could include limiting access through multifactor authentication and encryption, and following compliance frameworks such as the General Data Protection Regulation.
It’s also important to make sure your employees are prepared to identify suspicious behavior and emails. Workers can be the last line of defense against ransomware, and arming them with actionable steps can help significantly. Unfortunately, insider threats can also play a role in potential ransomware attacks, so building an effective program to thwart them is another key investment to make.
Focus Security Efforts on Leadership
Nonprofit leadership is a crucial piece of the puzzle and can ensure that security concerns such as ransomware are heeded throughout the organization. Leaders can convince employees and volunteers to take cybersecurity seriously.
More significantly, executive directors, board members and CEOs are prime targets. They can become the focus of strategies like spear-phishing attacks. These types of attacks can be combined with ransomware for maximum impact.
With that in mind, cybersecurity training should emphasize the responsibilities of teams at the top.
Launch a Ransomware Response Strategy
Prevention may limit your ransomware risk, but there’s always a chance something will get through. At that point, the focus switches to minimizing harm and impact.
Many organizations don’t have a strategy for this. An eMarketer study found that just 45 percent of businesses have a contingency plan in case an attack happens. Cleaning up after an attack can also be expensive: A recent Sophos survey found that the cost of recovering rose to nearly $2 million in 2021.
Ransomware attacks take many forms, and strategies to combat them should follow suit. Plans must consider potential effects on finances, business functions, donor goodwill and public relationships. They also need to account for vulnerabilities in outside vendors and supply chain links, something that has negatively affected nonprofits in the past.
A good response strategy keeps in mind factors both technological and tactical, using tools to lock down information as needed to minimize the impact of an attack and deciding whether the organization will pay a ransom — something that Kaspersky notes often doesn’t lead to data being returned.
The good news is that there are options for nonprofits that may not have ransomware experts on staff. Services like CDW Amplified™ Security services can help you prepare for a potential attack and quickly respond if it becomes necessary.