By: Melissa Musser, CPA, CITP, CISA, Risk & Advisory Services Principal, and Darren Hulem, IT and Risk Analyst
The COVID-19 crisis, with a new reliance on working from home and an overburdened healthcare system, has opened a new door for cybercriminals. New tactics include malicious emails claiming the recipient was exposed COVID-19, to attacks on VPNs and remote desktop software. Experts agree that now is more important than any other time in history to consider your information security.
Recent data security mandates and ongoing budget pressure had already pushed many nonprofits and associations to change their traditional business model to leverage a suite of cloud providers, creating a new, distributed data environment. These organizations are also unable to dedicate full time, in-house resources to address their increasing information security challenges, often resulting in complacency in addressing critical information security issues. Small- to medium-sized nonprofits and associations are particularly at risk, and many are now employing an outsourced Chief Information Security Officer (CISO), also known as a Virtual CISO (vCISO), as part of their cybersecurity best practices.
Perhaps due to widespread media coverage of high-profile security breaches, many small- and medium-sized nonprofits and associations still believe they are not at risk because hackers typically focus on large organizations. Unfortunately, Verizon’s 2018 Data Breach report finds that 58% of security breaches were in fact against small businesses. Their reluctance to focus on IT security leaves many small- and medium-sized organizations susceptible to attacks, but a vCISO can provide the strategy needed to develop the appropriate security framework.
The vCISO offers a number of advantages to small- and medium-sized organizations and should be part of every nonprofit’s or association’s risk management practices. If you have questions about your organization’s cybersecurity practices or the benefits of vCISO services, please contact Melissa Musser, CPA, CITP, CISA, Risk & Advisory Services Principal at 301-951-9090 or firstname.lastname@example.org.