2 min read

Russia-Ukraine Cybersecurity Crisis - A Nonprofit's Guide

Featured Image

As the tensions mount between Ukraine and Russia the expectations of cyber attacks against the United States are increasing rapidly, and nonprofit cybersecurity has never been more important. Keep up to date with the latest developments in the situation here.

With events beginning to happen on a global scale you hopefully have your cybersecurity measures in place. As the crisis continues to unfold, the threat to your organization may grow.

While many smaller nonprofits and organizations may think that a foreign entity targeting them is unlikely, we want you to think about the tools you use on a daily basis that are critical to your operations. Gmail, Office 365, Saleforce, and your other cloud-based toolkits, are all huge businesses that could be potentially targeted during a global cybersecurity conflict.

For our New York clients, from Governor Kathy Hochul,

"The reality is that because New York State is a leader in the finance, healthcare, energy, and transportation sectors, our state is an attractive target for cyber criminals and foreign adversaries... New Yorkers should also remember they are vulnerable to cyberattacks on their personal devices, and I encourage them to use best practices around passwords and multi-factor authentication, and to make sure that older loved ones are protected from scams."

Quote from the Associated Press

governor hochul remarking on the ukraine russia situation

Governor Hochul’s remarks apply not only to New York. There is some level of risk for all U.S. nonprofit organizations, and her advice holds true from Texas to California to Maine to New York.

While there is no way to 100% secure your organization, there are many measures that can be taken to help mitigate the cybersecurity risks of an attack.

How to prepare?

Hyper vigilance during this time period while tensions are high can be the difference between successfully averting a cyber attack or not.

If you have a cybersecurity provider the number one thing you can do to ensure your organization stays safe is to check in with them and verify the authenticity of any suspicious activity you encounter. For RoundTable Technology clients, you can contact us here.

Implement Multi Factor Authentication on all cloud-based accounts. This will mitigate the risk of gaining access to accounts with weak, reused, or breached credentials.

We recommend not processing any financial transactions changes to wire transfers, direct deposit, or HR change requests within your organization without verbal verification with the requestor.

Be extra cautious about links and attachments in emails, if you aren't sure if a link or attachment is legitimate, DO NOT open it. Should you click on anything that then requires entering your credentials, pause and verify the request.

Have your webmaster review your website security, especially if you use your website to collect sensitive information from your clients or staff, or to process donations.

Make sure that your data is being backed up regularly. Software as a Service (SaaS) tools specifically still need to be backed up frequently, as your data is not guaranteed by the provider. Learn more about the misconceptions of builtin SaaS Backups here. 

As Governor Kathy Hochul stated, using best practices around passwords and multi-factor authentication is one of the easiest ways to beef up your personal and organizational security.

If you are still unsure if your security measures will be sufficient you can schedule a 30 minute Cybersecurity Assessment with us, where one of our cybersecurity experts will review your current state and provide recommendations.

Book your Cybersecurity Assessment

NY SHIELD Act Compliance Checklist for Nonprofits

The New York SHIELD Act (“SHIELD”), which went into effect in 2020, provides needed clarity around what constitutes reasonable data security. The use...

Read More

Protect Yourself from Fake QR Codes

With the pandemic also came a resurgence of QR codes. Once thought dead, at least in the United States, they are now more widespread than ever. From...

Read More

What is Pretexting? How to Avoid Being Victimized

Pretexting is a type of social engineering attack that is often used to gain access to confidential information. In a pretexting attack, the attacker...

Read More