Everyone thinks phishing and ransomware attacks only happen to other people and organizations. If only. A recent discussion in the ASAE Collaborate community confirmed the ugly truth: an increasing number of phishing attacks on chapters. But you can take steps to protect your chapters against cybersecurity attacks and breaches.
HOW CHAPTER STAFF AND VOLUNTEER LEADERS GET PHISHED
Last year, phishing emails were responsible for more than 90% of cyberattacks. It’s not surprising chapter leaders take the phishing bait. Imagine them trying to keep up with chapter business while busy at work. Kim Grimm, deputy director at the National Association for Catering and Events, said:
“A [chapter] treasurer will get an email from what looks like a president requesting funds to be paid.”
CAN YOU GUESS WHAT MIGHT HAPPEN NEXT?
Sometimes they recognize the ploy, but sometimes they don’t. The email looks like it’s coming from the president, but it might not be. Hackers use software that allows them to “spoof” someone’s email. You usually can’t tell the difference unless you inspect the email address in the ‘From’ field or the source code in the email header. Earlier this year, DelCor Technology Solutions explained how to spot a spoofed email and how to prevent it from happening to your association and chapters.
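One way to automate the header inspection described above, as an added example that is not from the original article or from DelCor. It assumes the chapter really sends from `chapter.example.org` and that its own receiving mail server identifies itself as `mx.chapter.example.org`; those names, the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the display name imitates a chapter
# president, but the address, Reply-To and authentication results do not match.
SAMPLE = """\
From: "Pat Lee, Chapter President" <pat.lee@mail-example.net>
Reply-To: payments@other-example.org
To: treasurer@chapter.example.org
Subject: Urgent funds request
Authentication-Results: mx.chapter.example.org; spf=fail; dkim=none; dmarc=fail

Please wire the funds today.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message, trusted_domains, receiver_id):
    """List reasons not to take the From header at face value.
    trusted_domains: domains the chapter really sends from (assumed known).
    receiver_id: the name your own mail server stamps on Authentication-Results;
    results stamped by anyone else are ignored because a sender can forge them.
    """
    msg = message_from_string(raw_message)
    findings = []
    from_domain = domain_of(msg.get("From"))
    if from_domain not in trusted_domains:
        findings.append(f"From domain '{from_domain}' is not a chapter domain")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain '{reply_domain}' differs from From")
    auth = ""
    for value in msg.get_all("Authentication-Results") or []:
        authserv_id, _, results = value.partition(";")
        if authserv_id.strip().lower() == receiver_id.lower():
            auth += ";" + results.lower()
    for check in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{check}=(\w+)", auth)
        result = match.group(1) if match else "missing"
        if result != "pass":
            findings.append(f"{check.upper()} result is '{result}'")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE, {"chapter.example.org"}, "mx.chapter.example.org"):
        print("-", finding)
```

An empty list means none of these checks fired, not that the message is safe; a request for funds still deserves confirmation through a separate channel.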
Phishing emails don’t always request fund transfers. Usually they try to trick you into opening an attachment containing malware or ransomware that will infect your computer and, if not stopped, your network.
Or they fool you into clicking on a URL for a compromised website hosting malicious code that is automatically downloaded to your computer and, eventually, your network.
CONSEQUENCES OF A CYBERATTACK ON CHAPTERS
In the best-case scenario, if someone clicks on a bad link or opens a bad attachment, only their computer is infected. To get back to work, their hard drive must be wiped and files restored from a backup—an inconvenience at best. But that’s not how it usually works because their computer is connected to a network and the malware spreads quickly.
A ransomware attack usually ends up encrypting everyone’s files. The entire staff is locked out of their computers and network—an operationally and financially crippling scenario.
Files and data must be restored from backups, assuming the chapter has backups. If not, they have to pay the ransom, which means setting up a virtual wallet to buy bitcoins—a process that can take up to five business days. Then, keep your fingers crossed that the hackers unlock the files because sometimes they don’t.
Meanwhile, employee, customer, and member data is compromised or stolen—and you have to let them know. If chapters don’t secure payment information in a PCI-compliant manner, they can also be held in violation of PCI regulations.
Cybersecurity attacks can bankrupt organizations. They never recover from the interruption to operations, financial and legal liability, damage to their reputation, and loss of their community’s trust.
Don’t let your association or chapters become a cyberattack victim. Learn how to prevent and prepare for the inevitable ransomware attack.