Cybersecurity Awareness Month: Protecting the Digital Backbone of Not-for-Profits

How scary is the thought of a data breach? So scary that they made October cybersecurity month.

2024 marks the 20th anniversary of this observance. Not-for-profits that work within large, digital systems are contemplating ransomware, malware, and phishing as much as werewolves, witches, and mummies.

To “celebrate” Cybersecurity Month, CICF asked its Senior Director of Information Technology David Donaldson a few questions to help not-for-profits safely navigate the digital space.

Q: What are the objectives of Cybersecurity Month?

A: The month is an international effort to educate everyone about online safety. It has three main educational objectives: how to better protect confidentiality of sensitive information; how to better protect the integrity of our informational systems; and how to better protect the availability of those systems and data.

Q: Why is this month important for not-for-profits?

A: As stewards of community members’ money and data, cyber-attacks can do real damage to our operations, negatively impacting the wider community. Regular training and annual reminders like Cybersecurity Month keep not-for-profits in line with the best practices to secure their systems.

Q: What are common cyber attacks on not-for-profit organizations?

A: There are three big ones.

  • Ransomware holds a victim’s computer system and data hostage, demanding payment to restore access.
  • Malware can cause data breaches and even result in hardware failures.
  • Phishing uses social engineering (manipulation, deception, etc.) to trick users into voluntarily revealing sensitive information, downloading malware, or interacting with a malicious site.

Q: How does CICF secure its systems?

A: In several ways.

  • We contracted an overall IT security audit and made several major updates to our IT infrastructure as a result.
  • We use multiple security software to monitor and detect online attacks.
  • We certify our credit card processes annually to obtain PCI compliance certification.
  • We conduct bimonthly KnowBe4 cybersecurity training exercises for staff.
  • KnowBe4 also conducts monthly phishing tests to gauge how well staff complies with the principles learned in training.

Q: Does AI present a unique risk to cyber security?

A: Yes. Data breaches are a significant concern for AI systems, as they often handle large volumes of information. If an AI system is compromised, it could lead to unauthorized access to confidential data.

Q: In the spirit of the season, what is the scariest depiction of a lack of cybersecurity in a movie?

A: I have two favorites. 2001: A Space Odyssey in 1968, where a computer named HAL takes over a spaceship and attempts to kill the crew. And the other is Skynet in The Terminator movies—an AI software that leads a robot army against humanity.

[Editor: Movie buffs will recall that neither of these films included a cybersecurity training sequence for its protagonists.]

 
