Hackers Prey on Nonprofits’ Lack of Cybersecurity. Here’s What You Can Do About It.

As resource-strapped nonprofits must choose where to focus their energy and money, IT and cybersecurity are often underfunded and under-staffed, leaving systems vulnerable to cyberattack. This is especially concerning when considering that nonprofits collect and store sensitive financial information, as well as social security numbers and other PII, that hackers and cyber criminals desperately seek.

But all’s not doom and gloom. Nonprofit organizations can leverage automated email security platforms to mitigate these issues, also freeing up what IT resources they do have to focus on bigger picture issues around cybersecurity and other technology needs.

Why email security is a must-have for nonprofit organizations 

Today, 90% of all cyberattacks begin with a well-crafted phishing email that lures a click or download, or entices an illegitimate action, such as a wire transfer or credential sharing.

Nonprofits have long been viewed by hackers as low-hanging fruit for phishing attacks because, more often than not, such organizations lack email security safeguards, and staff and volunteers may not be trained to tell what’s real from what’s fake. In fact, a recent report from NTEN found glaring gaps in nonprofit cybersecurity postures, including a lack of training and little monitoring of devices used by employees.

One example of an organization that’s taken preventive measures to protect its donor base and network of partners is Charlotte, North Carolina-based tech nonprofit Apparo. Because its mission is to help other nonprofits overcome tech problems, Apparo knew it needed to walk the talk with an extra layer of email security on top of Microsoft O365 Advanced Threat Protection (ATP), now known as Microsoft Defender, which wasn’t sufficient in stopping phishing attacks.

Why? Microsoft ATP, known as a secure email gateway (SEG), isn’t built to stop phishing emails that contain no links or attachments. At this point, I’d expect almost everyone has seen an email impersonating their CEO or colleague asking for a quick task. The kicker there is that, because it’s only text, SEGs have an extremely difficult time identifying the message as malicious.

To mitigate risk, Apparo implemented a security solution that scrapes metadata and utilizes emerging technologies such as natural language understanding to block text-only phishing emails. After implementing the platform, Apparo saw a 99% decrease in phishing attacks penetrating inboxes.

According to Stephanie McKee, director of technology engagement at Apparo, the “banners, warnings and intuitive self-management not only protects our inboxes by blocking these emails from getting in front of our team, but it is also empowering our employees to stay proactive and vigilant against advanced attacks.” This dual approach to email security (technology and human intelligence) is key to mitigating risk.

McKee also notes, “Leaders of nonprofit organizations, like those Apparo serves, should know that adopting such technology doesn’t have to be a daunting and expensive task. We simply need to make it more well known that such options exist, can be easily implemented and won’t require massive security teams to implement.”

Cybersecurity solutions often have a bad reputation for being costly and technologically complicated to manage. But for nonprofits, email security can be a simple, non-time-intensive implementation with seamless integrations into current email and IT systems. With no security expertise needed or custom configurations, there’s a clear path forward for nonprofit organizations looking to protect their employees, donors and sensitive data. That path begins with emphasizing email security.


Eyal Benishti has spent more than a decade in the information security industry, with a focus on software R&D for startups and enterprises. Before establishing IRONSCALES, he served as security researcher and malware analyst at Radware, where he filed two patents in the information security domain. He also served as technical lead at Imperva, working on the Web Application Firewall product and other security solutions. A passionate cyber researcher from a young age, Eyal holds a degree in computer science and mathematics from Bar-Ilan University in Israel.
