NFPs “inherently vulnerable” to cyber security attacks
6 February 2023 at 3:48 pm
Speaking ahead of Safer Internet Day, Infoxchange’s CEO gives key tips to improve the security of online information.
The for-purpose sector is critically lagging behind when it comes to information security, according to David Spriggs, CEO of technology not for profit and social enterprise Infoxchange, speaking ahead of Safer Internet Day.
Now in its 20th year, the day aims to bring together organisations, communities, families and schools from over 200 countries to help create safer spaces online.
“The not-for-profit sector is inherently vulnerable in relation to cyberattacks, holding data on some of Australia’s most vulnerable community members. The sector has also traditionally not had the resources to invest in this area,” Spriggs told Pro Bono News.
“With the growing number of cyberattacks and data breaches, this is an area that needs to be urgently addressed by the sector.”
See more: Building digital capability and resilience: a new year’s resolution for the not-for-profit sector
While over 60 per cent of not-for-profit organisations expected a surge in reportable cyber incidents last year, just under half of sector leaders (48 per cent) actually made progress on establishing a cybersecurity and privacy uplift program, found PwC’s 3rd annual not-for-profit CEO survey.
Even more concerning is that CEOs are not prioritising upskilling their employees in areas of cybersecurity and privacy, instead pursuing softer skills including teamwork, problem solving, adaptability and resilience.
See more: NFP leaders say they are vulnerable to cyber attacks
The international 2023 Cyber Threat Report found that charities are more vulnerable to cyberattacks than private and governmental organisations, despite each sector facing the same risks.
Phishing, ransomware, fake organisations and websites, and Business Email Compromise – a specialist form of phishing that targets work email addresses – are identified as the top methods of cyberattacks.
See more: Cyberattack hits not-for-profit sector
Spriggs argues that it is wise for staff to adopt a level of scepticism about potential scams from all emails, text messages and phone calls received, particularly when being asked to provide personal information.
He also recommends not-for-profit organisations implement multi-factor authentication wherever available – a simple step to significantly improve information security – and to use password managers to avoid reusing phrases out of fear of forgetting.
Finally, Spriggs suggests technological devices and apps are updated automatically, as upgrades usually include defence mechanisms against new or emerging bugs or glitches, and that organisations invest in reputable anti-malware protection.
See more: New governance principles in wake of Medibank cyber attack
The 2023 Safer Internet Day theme is ‘Connect. Reflect. Protect.’, which encourages individuals to use social media and online games in a positive and safe way; to keep apps and devices secure; to consider how online behaviours affect other people; and to reach out to others about eSafety concerns.
