Three Information Security Things to Do NOW to Prevent a Nonprofit Operations Shutdown

“The people affected include missing people and their families, unaccompanied or separated children, detainees and other people receiving services from the Red Cross and Red Crescent Movement as a result of armed conflict, natural disasters or migration,” the organization said in an email.

The International Committee of the Red Cross (ICRC), a program that reunites families separated by conflict, migration or disaster, experienced a data incident involving one of their key vendors, and over 500k people’s personal information was exposed to hackers. 

As of January 25, 2022 the ICRC reported, ”We also feel it is important to clarify that this was a targeted, direct cyber-attack on ICRC servers, not the company that hosted them. We manage the data and applications on these servers, not the hosting company.” 

Though the investigation and analysis of the scope and impact of the attack is ongoing, the incident severely impacted the organization’s day-to-day operations. 

Attacks can expose vulnerable client data and donor records. The impact to a nonprofit’s mission, credibility, fundraising, and critical activity is at significant risk.

Nonprofits are not immune to cybersecurity attacks - directed or not.  What you need to do NOW to Prevent a Nonprofit Operations Shutdown:

Measures can be put in place to prevent the harsh repercussions of a significant breach. Consider these safeguards with your senior team, immediately:

  1. Know your data -> map data across your organization and the systems they live in. 

  2. Identify what’s vital to your mission and take steps towards protecting it. Ask your senior teams, “How would we handle a situation similar to the ICRC attack? Even at a smaller scale? Are we ready?”

  3. Ensure cloud-based systems are in place to aid if an incident affecting operations should occur.

Cyber incidents will happen, regardless of the strength of your cybersecurity practices. Begin to plan for attacks - unfortunately, it’s not a matter of if, but when. 


Sightline Security is a 501(c)(3) here to equip and empower mission-based and nonprofit organizations to integrate cybersecurity with confidence. Please reach out to us if we can help you put together an effective cybersecurity plan.