
8 cybersecurity tips for nonprofits and small businesses
Breaches can cost small organizations between $120,000 and $1.24 million
KEY POINTS
- Small businesses and nonprofits are increasingly targeted by cybercriminals due to valuable data and often weaker security defenses.
- The financial and operational fallout from a cyber breach can be severe, while also damaging reputation, disrupting operations and triggering legal or insurance challenges.
- Even without a dedicated IT team, organizations can significantly reduce risk by implementing basic cybersecurity practices.
It's a widely held belief that only large corporations are targeted by cybercriminals, but that couldn't be further from the truth. In reality, smaller businesses and nonprofits are increasingly targeted by cyberattacks—yet only a fraction have comprehensive security measures in place.
“Smaller organizations are an attractive target for online criminals because of potential vulnerabilities caused by weaker security practices,” said Paul Tucker, chief information security and privacy officer at BOK Financial®.
According to Tucker, cybercriminals know that smaller organizations may store valuable customer data, intellectual property and financial information while lacking the sophisticated defense systems of larger enterprises, creating an opportunity for potentially lucrative attacks with less resistance.
“Small businesses and organizations might not have a dedicated team in place to constantly monitor potential vulnerabilities and address them, which likely leaves them more vulnerable to attacks,” he explained.
Impacts of cyber breaches or fraud scams
Victimized small businesses and nonprofits can suffer significant financial losses. The true cost of a breach varies, but IBM has estimated that the average small organization can expect to pay $120,000 to $1.24 million to respond to and resolve a cyber or fraud issue. There may be other consequences as well, including:
- Reputational damage from the erosion of customer trust, which can lead to lost sales and customers.
- Operational disruptions to the day-to-day functions of the organization, especially when systems are down and payments can’t be made.
- Legal and compliance issues, which can lead to additional financial loss in the form of fines and lawsuits (especially if sensitive customer data is compromised).
- Increased insurance premiums that can make it more difficult for small businesses and nonprofits to secure adequate protection for their organization.
8 steps to protect your organization
Protecting critical data and systems is vital to an organization, according to Tucker. Without a full-time IT team, company leaders must take the following steps to protect valuable data and systems:
- Regularly update the applications and tools you use. “Often, these updates include security patches that help protect sensitive data from cybercriminals,” Tucker said.
- Establish a strong password policy across the organization. This might entail a mix of upper/lower case letters, numbers and symbols, with regular required password changes. (Bonus: Ensure your applications and accounts are protected with multi-factor authentication [MFA], which includes a second form of identification to access an account, such as facial recognition, SMS or a passcode).
- Invest in antivirus protection across your platforms to detect and block malware, which can be installed through phishing attacks to steal your data.
- Train your employees (and create a culture of safety across the organization). Possible subjects might include how to confidently spot a phishing scam, password protection training, data privacy best practices and safe online practices.
- Secure your Wi-Fi networks. Encrypt information and use a firewall to protect your data from outside sources. Ensure your Wi-Fi network is secure (password protected) and hidden.
- Back up your data regularly, which will make it easier to recover if an attack does occur.
- Consider hiring a managed services provider (MSP) that can provide ongoing monitoring and maintenance of your technology systems to help ensure your data is protected.
Learn more about BOK Financial's online security or call 844-517-3308 to report suspicious activity on BOK Financial-related accounts. The Cybersecurity and Infrastructure Security Agency also keeps an up-to-date list of current threats.