Securing Nonprofits to Help Everyone
I've probably had dealings with nonprofit organizations my whole life without always knowing it. From the tzedakah (charity donation) box passed around in Sunday school to the March of Dimes collections in our neighborhood, from the Jerry Lewis telethons I saw on TV to the first episode of Sesame Street I saw on my local PBS station, these mission-driven organizations have been all around me.
After college I started volunteering on suicide hotlines wherever I lived, and alongside hearing some of the most painful stories, I also made some of the most wonderful friends with my fellow volunteers. There's something about sharing a cause that feeds your soul more than the work you do for a paycheck.
In all that time, though, I never considered how those organizations were securing themselves. I would write checks and set up recurring donations to my favorite charities without ever thinking about whether my donations were safe. You think about the most prominent nonprofits, the ones whose offices are housed in buildings with the biggest donors' names carved into their marble walls, and you expect that with all the money they're bringing in, they can't possibly fall victim to garden variety ransomware or a money transfer email scam ... can they?
But not every nonprofit has the same resources as a large commercial enterprise, and the best nonprofits try to run as lean as they can, saving all their funds for their mission. This can make it harder to stay above what I call the security poverty line. To secure themselves, they need not just money, but they also need expertise, the capability to act on security requirements, and influence with their suppliers. As we know, the world has gotten more hazardous for organizations of all sizes. It doesn't matter whether you're specifically targeted; there are opportunistic threats all around, and all assets look the same to a malicious scanner.
This is why I joined Sightline as an advisor: to make sure that nonprofits can continue to carry out their missions. The money and time that I donate won't make a difference if the organization itself falls prey to an attack. I can't tell my favorite charities how to do their jobs, because their environments and missions dictate what they can do. But with Sightline's help, we can enable them to assess their own security state and connect them with resources to mitigate their risks in whatever ways work best for them.
As security threats like ransomware and fraud endanger all industries, it's more important than ever for us to step up and help the helpers. You don't have to be the beneficiary of a nonprofit, or work for one. If you have a cause you believe in, you can take steps today — not just to give money, but to give security to make a difference. Mention Sightline to a mission-driven organization that you support; ask companies that donate to charities to sponsor an assessment from Sightline as well. Donate to Sightline directly, or volunteer your skills as a security professional. Let's make it our mission to protect other missions.