Russia-Ukraine Cybersecurity Crisis - A Nonprofit's Guide

As the tensions mount between Ukraine and Russia the expectations of cyber attacks against the United States are increasing rapidly, and nonprofit cybersecurity has never been more important. Keep up to date with the latest developments in the situation here.

With events beginning to happen on a global scale, you hopefully have your cybersecurity measures in place. As the crisis continues to unfold, the threat to your organization may grow.

While many smaller nonprofits and organizations may think that a foreign entity targeting them is unlikely, we want you to think about the tools you use on a daily basis that are critical to your operations. Gmail, Office 365, Salesforce, and your other cloud-based toolkits, are all huge businesses that could be potentially targeted during a global cybersecurity conflict.

For our New York clients, from Governor Kathy Hochul,

"The reality is that because New York State is a leader in the finance, healthcare, energy, and transportation sectors, our state is an attractive target for cybercriminals and foreign adversaries... New Yorkers should also remember they are vulnerable to cyberattacks on their personal devices, and I encourage them to use best practices around passwords and multi-factor authentication, and to make sure that older loved ones are protected from scams."

Quote from the Associated Press

Governor Hochul’s remarks apply not only to New York. There is some level of risk for all U.S. nonprofit organizations, and her advice holds true from Texas to California to Maine to New York.

While there is no way to 100% secure your organization, there are many measures that can be taken to help mitigate the cybersecurity risks of an attack.

How to prepare?

Hypervigilance during this time period while tensions are high can be the difference between successfully averting a cyber attack or not.

If you have a cybersecurity provider the number one thing you can do to ensure your organization stays safe is to check in with them and verify the authenticity of any suspicious activity you encounter. For RoundTable Technology clients, you can contact us here.

Implement Multi-Factor Authentication on all cloud-based accounts. This will mitigate the risk of gaining access to accounts with weak, reused, or breached credentials.

We recommend not processing any financial transaction changes to wire transfers, direct deposit, or HR change requests within your organization without verbal verification with the requestor.

Be extra cautious about links and attachments in emails, if you aren't sure if a link or attachment is legitimate, DO NOT open it. Should you click on anything that then requires entering your credentials, pause, and verify the request. 

Have your webmaster review your website security, especially if you use your website to collect sensitive information from your clients or staff, or to process donations.

Make sure that your data is being backed up regularly. Software as a Service (SaaS) tools specifically still need to be backed up frequently, as your data is not guaranteed by the provider. Learn more about the misconceptions of built-in SaaS Backups here. 

As Governor Kathy Hochul stated, using best practices around passwords and multi-factor authentication is one of the easiest ways to beef up your personal and organizational security.

If you are still unsure if your security measures will be sufficient you can schedule a 30-minute Cybersecurity Assessment with us, where one of our cybersecurity experts will review your current state and provide recommendations.