Nonprofit Resources


Be on Guard Against Cyber Crime Following a Natural Disaster

Cybercriminals are known to exploit natural disasters and target both individuals and organizations during times of tragedy. And these attacks aren’t limited to just the affected geographic areas.

Here’s what to watch for.

Phishing Emails

After a disaster, cyberattacks are often in the form of phishing emails attempting to lure individuals into making a donation to a bogus nonprofit purportedly assisting victims. Typically, the goal is to obtain and then sell credit card numbers.

When you receive solicitations for donations after a disaster:

  • Always be skeptical and use caution when opening an email or responding to a phone call asking for donations
  • Inspect any links before clicking
  • Rather than making a donation through a link in an email or over the phone, go directly to the nonprofit’s website 
Protecting Your Nonprofit’s Network 

If your nonprofit’s disaster plan involves the use of backup systems, be aware that cybercriminals often attempt to exploit backup environments when utilities go down.

That’s because backup systems often lack the security protections that exist in a live environment. For example, firewall protection may not mirror the live system, and servers and other systems may not be updated with current patches. This opens a number of security holes. 

Environments are further at risk if controls are temporarily switched off to allow for continued operations. One example is multi-factor authentication that allows for system access from a set list of IP addresses. If employees need to work from evacuation locations, a limited list of the normal IP addresses will prohibit access. To resolve the issue, the IT department may turn off the validation list to keep things running.

While there’s not much you can do once disaster hits, you can plan ahead by ensuring that your organization’s disaster recovery plan addresses:

  • How and when backup systems are patched
  • Whether security for backup systems is equivalent to primary systems
  • Pitfalls that might be encountered, such as IP address restrictions

These are just a few areas of concern. Contact us at [email protected] with any questions, and remember to not let your guard down even when the power is down!

Leave a Comment