About
Foundational Principles In the Community Diversity, Equity & Inclusion Technical Excellence Alumni TIAG Membership
Careers
Why Cohen & Company Our Culture Total Rewards & Benefits Intern & Entry Level Opportunities Experienced Opportunities
Contact
Akron, OH Baltimore, MD Chicago, IL Cleveland, OH Detroit, MI Milwaukee, WI New York, NY Pittsburgh, PA St. Clair Shores, MI Youngstown, OH
Client Portal
Services Industries Knowledge Center People

About Our Services

We offer tailored solutions — whether private company or owner; public or private fund, adviser or fund service provider; or Fortune 1000 enterprise. Learn how we can help you.

Learn More

Assurance Services

Employee Benefit Plan Audits Investment Company Audits Private Company Audits SOC Readiness & Compliance

Tax Services

Federal Tax Planning & Compliance High Net Worth & Wealth Transfer International Filings & Structuring Investment Company Tax State & Local Tax Tax Credits & Incentives Transaction Tax Planning

Advisory Services

Business Valuations Data & Insights Digital Finance Solutions IT Strategy & Implementation M&A Advisory Outsourced Accounting Solutions Risk Assurance & Advisory Transaction Services Turnaround & Restructuring

Our Industry Expertise

Our industry experience means you can find professionals who speak your language and bring earned insights to the table. Learn how we can help you.

Learn More

Key Industries

Digital Assets Investment Companies Manufacturing Private Companies Private Equity Real Estate & Construction Technology & Life Science
VIEW THE COMPLETE LIST

Knowledge Center

Our team wants to help your team stay up to date. Browse our thought leadership, events and news for insights and a point of view on business-critical topics.

Learn More

Insights

Browse valuable articles and publications our experts have written to help you and your organization answer key questions — and consider new ones.

Read Our Insights

Events

Join us in person and online for events that address timely topics and key business considerations.

Explore Our Events

News

Find out what is happening at Cohen & Company, from industry recognitions and growth updates, to where we are contributing to important media stories.

Read Our News
People
Foundational Principles In the Community Diversity, Equity & Inclusion Technical Excellence Alumni TIAG Membership
Why Cohen & Company Our Culture Total Rewards & Benefits Intern & Entry Level Opportunities Experienced Opportunities
Akron, OH Baltimore, MD Chicago, IL Cleveland, OH Detroit, MI Milwaukee, WI New York, NY Pittsburgh, PA St. Clair Shores, MI Youngstown, OH
Client Portal
Back to Insights

The 2 Most Common Cybersecurity Attacks Your Not-for-Profit Will Want to Avoid

July 30, 2019 Not-for-Profit

Cybersecurity threats, data breaches and email fraud have become part of the daily headlines, impacting businesses and organizations of all sizes and from all industries. During 2018, an estimated 5 billion records were breached world-wide, costing companies an average of $3.86 million per breach. It’s estimated that over the next two years cybercrime will cost companies and organizations a collective $6 trillion!
 
In addition to the monetary cost of a data breach, cyberattacks can be even more damaging to not-for-profit entities due to the potential loss of donors and stakeholder confidence. This could impact the ability of an organization to carry out its mission and achieve its goals.
 
With the growing number of cybercriminals, complexity of attacks and speed in which threats adapt, it may no longer be a question of if your organization’s network will be compromised, but rather when. Below takes a brief look at the different types of popular cyberattacks currently and what steps your not-for-profit can take to best protect itself.

1. Phishing (or Spear Phishing) and Whaling (or C-Level Fraud)

These are cyberattacks that have been around for some time but continue to be a very effective form of attacks used by hackers.
 
Carried out via email, today’s phishing attempts have grown complex and difficult to detect. Often a hacker will impersonate a known stakeholder, such as a vendor, donor or beneficiary. The hacker will ask the unsuspecting employee for confidential information or money, attempting to appeal to the unsuspecting employee’s willingness to help those in need.
 
Whaling is very similar to phishing; however, whaling impersonates an organization’s C-level executive. In most cases, these attacks are thoughtfully carried out over a longer period of time, in which the hacker researches the executive before attempting to trick an unsuspecting employee.
 
The best protection against phishing and whaling attacks is to train employees to be vigilant and aware that these types of schemes are out there. Have a policy in place for what employees should do when unusual email requests are made, even if the email’s sender appears to be known to the organization. Run phishing attack simulations to test and train employees to be on-guard against these attacks.

2. Cryptojacking and Ransomware

These types of attacks are carried out through the use of malicious software that has worked its way onto your network through a network breach.
 
Cryptojacking is when cybercriminals find a way to secretly access your computer to mine cryptocurrency. Cryptojacking can infect your organization’s website, in turn infecting the computers of your website visitors, or your organization’s computers when someone visits an unknowingly infected website. Once a computer is infected, this bug hijacks its processing power to carry out the secret cryptomining activity, slowing down the computer and network.
 
Ransomware is an even more invasive type of cyberattack in which hackers gain access to an organization’s network and install malicious encryption software to lockdown and hold your organization’s data hostage until a ransom is satisfied.

How to Protect Your Not-for-Profit Against These Attacks

While cryptojacking and ransomware are the two most common forms of cyberattacks occurring today, below are some key steps to help protect your organization against any cyber threats:

  • Have strong password controls,
  • Actively update anti-virus software,
  • Review firewall and server activity logs,
  • Change default passwords on all network connected devices,
  • Ensure systems are all up-to-date with the most recent security patches,
  • Regularly scan your organization’s computer systems and network for unauthorized devices.
  • Make employees aware of common security threats through training and
  • Properly back up critical data.

Please contact Marie Brilmyer at mbrilmyer@cohencpa.com or a member of your service team for further discussion.
 
Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.

Sign Up for Our Emails & Events

Receive insights from our specialists in a variety of areas and timely information on upcoming events directly to your inbox as they go live in our online Knowledge Center.

Subscribe Today
Subscribe to our newsletter
About Contact Submit RFP Privacy Policy
LinkedIn Twitter Facebook
© 2023 Cohen & Company