As a non-profit, your organization is composed of good people focused on benefiting society. This is why it's so shocking to learn that non-profits are regularly targeted by cybercriminals.
When performing vital services to your community, the last thing you need to be worrying about is whether your own network has been breached. You may even think that hackers wouldn't be interested in the kind of data you store. If so, it's time to face the truth.
Non-profits are unprepared
The fact is that non-profits are singled out by hackers and the consequences can be devastating.
According to the Cyber Peace Institute, in 2021 over 50% of NGOs reported being targeted in cyber attacks.
Not only are non-profits an easy target, but they're a desirable one too: non-profits often store sensitive information such as social security numbers, names, and other information on vulnerable people that can be very valuable on the digital black market.
The humanitarian sector raises over $30 billion annually, meaning bad actors will use various methods to try to intercept and steal those funds.
Cyber attacks on non-profits
As you've learned, non-profits are a very lucrative target for cybercriminals, who seemingly don't care that such organizations are there to benefit the community. Common attacks include:
CEO Fraud
This type of attack involves criminals who impersonate a legitimate body like a bank to trick staff at non-profits into sending them money via wire transfer. They often do this using fake e-mail addresses and websites.
This type of attack caused the NGO Roots of Peace a total loss of over US$ 1.3 million in 2020 after they were tricked into wiring money to a Chinese bank account by impersonating non-profit employees with fake emails. The funds were never recovered and the Roots of Peace owners had to borrow money from their bank to keep the non-profit running.
Ransomware
This threat is extremely dangerous to non-profits as it's a form of malware that encrypts data on an infected computer or device. Attackers will then demand a hefty 'ransom' in exchange for unlocking infected devices.
In 2021, New Zealand's largest volunteer agency VSA was targeted in a sophisticated ransomware attack. The owners refused to pay a ransom and recovered from the attack, though some historical data was lost.
Data Breaches
Personal information is big business to hackers and advertisers. This is a particular risk for non-profits that store medical data.
Advocate Aurora, one of the USA's largest non-profit health systems was a victim of such a breach in 2022. Unknown to the owners, certain codes used on the non-profit's website revealed medical information of up to 3 million patients to third-party vendors.
In January 2022, the Red Cross also fell victim to hackers using carefully crafted malware, stealing personal data such as names, locations, and contact information of more than 515,000 people from across the world.
The price of cyber attacks
The average length of time it takes organizations to recover from ransomware attacks is 22 days. As non-profits frequently respond to humanitarian disasters and perform other life-saving activities this is time you can't afford to lose.
Even if your non-profit isn't on the front line, you also need to consider the reputational damage and financial loss caused by other forms of attacks and breaches.
What can I do to protect my non-profit?
While there's no absolute guarantee of safety, Control D's DNS control service can significantly improve your non-profit's productivity and security.
Switching to Control D can be done in minutes and makes it easy to manage your non-profit's internet traffic, allowing you to block and filter all types of content.
How does DNS work?
DNS is like the giant phonebook of the internet, linking IP addresses (telephone numbers) to domains (website addresses) to make navigating the web more human-friendly. Computers do not understand human words and are identified by IP addresses, which are large numbers assigned to internet devices like servers.
Whenever you enter a website address into your browser e.g. www.controld.com, your 'request' is sent to a DNS server, which will check the domain name in its database (the phonebook) to find the matching IP address. This same process happens whenever you open an email, view an image, or use any kind of cloud storage.
The bottom line is that DNS is an essential part of the internet's infrastructure, though it mostly operates transparently in the background, so you don't need to worry about it.
Control D Use Cases
As your non-profit grows, you'll gather more staff, donors, and sensitive personal data. That means you'll need to control, monitor, and protect your organization's internet traffic.
A DNS control product like Control D offers you a simple, secure, and reliable way to do this. Our main security features include:
Blocking Malicious Websites
Control D can also block websites known to contain malware and other potentially harmful types of software like aggressive ads and trackers. Like with phishing websites, this means even if someone does click the wrong link, known malware sites won't load. Naturally, this means there's no chance of any of your staff accidentally downloading malware from such pages.
This can be achieved through Control D's AI Malware Filter, which has 3 basic levels of blocking:
Balanced - This setting blocks domains that have an average risk of being malicious.
You can also block ads, trackers, and 18 other categories of sites manually on all of your devices with a simple flick of a switch.
Enhanced Network Security
By default your organization's chosen DNS server most likely will convert every web address into an IP address and take them to that website. Still, what if they've been given the address of a 'phishing' website designed to harvest sensitive information like banking passwords?
Control D includes features to block known phishing websites to prevent them from loading, even if someone clicks on the wrong link. For extra security, you can even activate our "New Domains" filter. This means if a hacker recently created a website for phishing purposes, the page won't load.
Limit Inappropriate Content
As a non-profit your reputation is important, so you want to be sure that anyone accessing the internet via your organization is doing so only for the right reasons. Control D can be used to block access to inappropriate websites by category, such as those containing adult or gambling content, once again just by clicking a few switches.
Bypass Geo-restrictions
Many non-profits operate in countries that practice strict internet censorship. This can mean that your staff can't access legitimate sites that they need for their work. Control D maintains a list of over 300 services like Amazon and Facebook, for 'Full Control' subscribers that you can 'redirect' to appear as if you're in another country.
Our 'Default Rule' can also be manually configured to redirect all device DNS requests to make it appear to be in a different country at all times.
You can also encrypt and redirect your DNS requests via a reliable VPN service like WindScribe. Still, VPN usage is sometimes illegal or heavily restricted in countries where non-profits operate. It also requires inputting specialist settings and dedicated software.
Using Control D's bypass feature is as simple as clicking your mouse and choosing the country to which you want to redirect requests, so you can access these pages in the same way as someone in that country. This will encrypt and route your DNS requests securely through Control D's servers, though doing so won't protect your traffic from active surveillance like DPI (Deep Packet Inspection).
Control D is one tool among many
While Control D offers an excellent way to protect your organization from harmful websites, it won't protect your non-profit against every online threat. For instance, some malware contains the IP addresses it needs to communicate with its creator, so it doesn't use DNS.
Control D also can't protect non-profit workers from all types of social engineering attacks, such as those that trick them into providing personal information over the phone.
This is why it's so important to develop a cybersecurity strategy and educate your staff on various types of cyber attacks such as identity theft. As a starting point, we recommend combining Control D's protection with a reliable VPN like Windscribe (where it's safe and legal to do so), as well as a dedicated password manager.
We also strongly recommend enabling 2FA (two-factor authentication) for all your online accounts. This means anyone signing into these accounts from a new location and/or device will need to provide a special code as well as a password, making life much more difficult for attackers.
Getting Started with Control D
If you've decided Control D offers the security your non-profit needs, you'll be pleased to learn that setup only takes minutes. Creating a 'device', takes only moments so you can have a unique DNS 'resolver' configured with the settings you choose. This is done via a simple graphical interface.
The wizard prompts you to choose the right resolver for your device. There's also an online tutorial to guide you through setup. Once this is done, Control D can then generate a setup URL for the end user to click so that the DNS settings are applied automatically.
You can also deploy Control D on hundreds of devices at once, as the platform supports 'Mass Provisioning'.
Control D Pricing
Control D offers a clear per-device or per-router pricing plan for businesses based on the features required. This is done on a month-to-month basis, saving so your non-profit doesn't have to commit to any long-term contracts. You can also cancel your subscription at any time.
All plans allow admins to block, route, and monitor your non-profit's network traffic with the touch of a button. You can also create enforceable 'global' policies to apply to all your clients such as blocking domains known to contain malware.
We applaud the work non-profits do and are pleased to offer discounts. If you would like to discuss a custom price plan tailored to your specific needs, please contact us for a quote.