The urgency of preventing cyberattacks is being felt at nonprofit financial management meetings nationwide. Since the latest string of viruses including Wanna Cry, which hit government agencies and nonprofits in the U.K. and to a lesser extent in the United States, causing millions of dollars in damages and lost work, nonprofits are taking another look at their cybersecurity preparedness.
It’s not a question anymore of “if” an attack will happen, but “when” – and to some extent, what kind. If you think we’re being alarmist, consider this. In 2014, approximately 40% of corporate directors discussed cyberattacks at their board meetings. Today, that figure jumped to 90%. Closing loopholes that keep your organization open to cyber attacks and taking measures now to prevent them is an important step in nonprofit financial management. And that discussion starts at the top of the organization with executive stakeholders, nonprofit boards, and others leading the nonprofit financial management teams.
Risks of Cyberattack: What Is at Stake?
If you haven’t dealt with a bad virus or attack you may not be aware of how much disruption it can cause throughout the organization. Some examples of the ramifications of a cyberattack include:
- Extortion: Extortion is an ugly word but it accurately describes the FBI or Wanna Cry viruses that infected nonprofit organizations, for-profit organizations and to some extent with the FBI virus personal computers as well. These viruses encrypt data on infected machines so that users cannot move beyond the equivalent of a digital ransom note. Either pay up or face locked and useless data. While some systems can be cleaned after infection, computers may never fully recover.
- Expenses: The expenses of a cyberattack can be astronomical. Consider how many consultants, freelancers, and temps you may need to hire to clean out an infected network. Data backups may need to be restored and everything cleaned, checked, and checked again. The average cost of recover from a cyberattack is $4 million – regardless of organization size.
- Lost productivity: While the network and hardware are being restored, valuable time is wasted. Cyberattacks account for a great deal of lost productivity annually and nonprofit organizations are not immune.
- Loss of intellectual property: Thefts can take up to 100 days or more to be noticed. If hackers make off with confidential data, plans, and financial information, your organization could face significant damages from loss of intellectual property.
- Public relations nightmare: News of a cyberattack can be a public relations nightmare. You will have to conduct damage control PR and counteracts negative publicity. This is the time that could be better spent promoting your organization’s mission and more.
- Lost trust: Unfortunately, when news of a cyberattack breaks, there is a sense of lost trust in the affected organization even if they did everything right and nothing wrong. People may be afraid to visit your website, make donations online, or share information with you if it is stolen.
Nonprofit financial management includes making your Board of Directors aware of the potential risks of a cyberattack. Only after understanding such risks can they review the information presented to them to prevent such problems and make sound decisions.
Steps to Take
Nonprofit financial management leaders should take every precaution when dealing with potential cyberattacks. By learning all you can about the dangers and the steps to take to prevent them, you can then share this information with your Board and other leaders to take preventative measures.
Steps you can take to prepare for discussions around potential cyberattacks include:
- Taking an inventory of all software and systems, along with associated risks factors for each system such as access levels, password protection, etc.
- Formulate a response plan now so that team members know what to do in the event of a cyberattack.
- Purchase cyberattack While not preventing an attack per se, it can cover damages and losses so that your organization doesn’t suffer serious financial hardships from a cyberattack.
- Hire a good consultant in the event you need extra help with an attack. A nonprofit financial management firm such as Beck & Company can be your backup plan to help you cope with potential attacks, conduct risk inventories, and create response plans.
Just as you cannot prevent every virus (like the common cold) from infecting you personally, you may not be able to prevent every instance of a computer virus from affecting your nonprofit organization. But just as you can wash your hands, get plenty of rest and avoid contagion from people already sick with the cold or the flu, you can also take important steps to prevent infection of your computers from occurring. Make cyberattack awareness, prevention, and recovery a priority this year.
Nonprofit Financial Management and Consulting from Beck & Company
If you need help planning, preventing, and formulating a response to cyberattacks, Beck & Company can help. We are Washington DC area nonprofit advisors and are Virginia certified nonprofit accountants. We work with nonprofits of all sizes serving many different constituents nationwide, providing a variety of consulting, auditing, and accounting services. For more information, please contact us at 703-834-0776 x 8001.