Nonprofits with low IT investment and mixed staffing models are easy targets for cyberattacks
Since the hack, Southwest Solutions has been offering cybersecurity training to employees and has added multi-factor authentication for its systems, with a secondary login code sent to another email or cellphone. It is also about budgeting IT investments.
It replaced old desktop computers with new laptops for each of its 250 employees at a cost of $500,000. It also moved data storage to the cloud and contracted with an IT help desk for about $180,000 a year, in the absence of a centralized IT department, Sherman said.
NeighborWorks America, one of Southwest Solutions’ backers, provided $40,000 to $50,000 in grants to help fund some of the ongoing computer upgrades, she said.
But funding for cybersecurity and IT upgrades is scarce, said Rick Cohen, chief operating officer and director of communications for the Washington, DC-based National Council of Nonprofits.
“It’s a huge and difficult problem to solve,” he said.
“Too many donors…still hear the same old, outdated, and damaging advice to nonprofits spending less on ‘overhead’, leading nonprofits to be hesitant to invest as much as they should in key cyber infrastructures.”
Nonprofits that feel confident making these investments often don’t have the funds to do so, especially those that do a lot of work under government grants and contracts, Cohen said.
“When those contracts don’t pay the full amount it costs to provide a service, there simply isn’t additional funding available to upgrade their technology.”
One of the biggest issues for nonprofits in mitigating cybersecurity risk is the fact that threats evolve quickly and change often, MNA Chief Technology Officer Adam King said in a statement.
Keeping systems up to date and subscribing or purchasing security services can be expensive, he said. Funding for IT upgrades and cybersecurity initiatives is starting to emerge, but it is slowly changing.
The federally funded 2022 Nonprofit Security Grants Program, a $250 million program providing money to nonprofit organizations to prevent and respond to terrorist attacks, is primarily a grant program for physical security, but has accepted grant proposals for some cybersecurity needs, provided they are included in the nonprofit organization’s vulnerability. assessment, said Bailey Wilkins, public information officer for the Michigan State Police’s Emergency Management and Homeland Security Division.
The program, which closed applications in late May, will consider funding requests for things like encryption software, virus protection and firewalls, she said.
Some nonprofit leaders are unaware that they can use general capacity grants for computing needs, said Khalilah Burt Ghaston, executive director of the Song Foundation, which is funded by Linh and Dug Song, who is co -founder of internet security provider Duo Security. .
“The technology needs of nonprofit organizations as part of overall capacity building efforts is something the Song Foundation will consider as a possible area for funding,” Burt Ghaston said.