A Cyber Attack Can Potentially Shut Down a Business for Good -- Is Your Association Protected?
According to a study conducted by IBM and the Ponemon Institute, the average cost of a data breach in 2022 was $9.44 million. The most common attacks included ransomware (a type of malware that prevents or limits users from accessing their system either by locking the system’s screen or by locking the users’ files until a ransom is paid) and phishing (a type of social engineering attack often used to steal user data like login credentials and credit card numbers; the attacker usually masquerades as a trusted source).
For a nonprofit, it takes only one cyberattack to shut down its operations and potentially force the group to close its doors for good. SMG recommends that all SMG clients carry cyber insurance coverage. SMG’s Chief Financial Officer Amy Chetelat, M.B.A., CAE, briefs account executives and association partners on the importance of safeguarding against this growing threat.
Amy talked about cybersecurity concerns and the best practices SMG suggests our Association Partners follow.
SMG: What is the biggest cybersecurity risk facing associations today?
AMY: Ransomware is a big security threat to not only non-profits and government organizations but all businesses in general. Since ransomware is the result of a phishing attack, an employee or volunteer with access to the association’s network and bank accounts is a potential risk. The biggest threats I have personally seen so far are threats from phishing emails asking employees to make emergency payments or purchase gift cards. SMG cautions employees about these types of threats, and they are given examples of what to look out for (i.e., asking to buy gift cards on behalf of someone they work with; emails sent to an employee from someone masquerading as a co-worker asking to share private/financial information).
Websites are particularly vulnerable if the right kind of protections are not in place. SMG works with professionals to protect data, and our third-party website and database vendors are continuously monitoring protections.
SMG: Do you have any first-hand experience with a cyber threat in your business?
AMY: I do not have any personal experience with a cyber threat. Our IT company monitors our servers and computers for threats and, on an ongoing basis, our internal IT manager sends out educational emails to all staff on new threats and what to look for. Our staff is trained on what to look for in an email and to determine if it is legitimate or not. We also have procedures in place for making payments that require multi-level approvals before payments are ever made.
SMG: What recommendations does SMG make to its client partners?
AMY: We do this on a case-by-case basis. We monitor the bank accounts closely so we will know quickly of any threat or breach. We then take steps to protect that client moving forward. Most importantly, all SMG clients are advised to carry cyber insurance policies. It is a smart business decision.
SMG: Other comments that may be of interest to readers?
AMY: The hackers are getting more sophisticated every day. Therefore, we have strict procedures in place where we refuse to make any payments either by check or wire without going to the proper authorization channels.
For more information on cybersecurity and insurance policies to protect your organization, contact SMG.