17 Oct 2016 Associations and Cybersecurity
Forbes cites that cyber-crime is one of the fastest growing industries in the criminal world, with lawbreakers expecting to earn upwards of $600 billion in 2016, outpacing all other forms of crime. Cybersecurity is no longer a concern for only those in the largest of industries (retail and healthcare, for example). It’s on the minds of everyone, including President Obama, who announced the Commission on Enhancing National Cybersecurity in April. Associations, both for-profit and nonprofit organizations and, yes, national governments, are taking cybersecurity very seriously.
It’s a mistake to assume that, because your organization is small, it’s safe. Experts in cybersecurity have a saying: “There are two types of businesses – those that have been hacked and know it, and those that have been hacked and don’t know it.” It probably isn’t a matter of if, but when. Hackers wreak havoc in numerous ways; they disrupt service and damage infrastructure, steal personal, financial, and trade information, and generate fear and mistrust amongst leadership, employees, customers, and members. A recent study by the New York Stock Exchange found that board members worry about brand damage, data breach costs, and the theft of intellectual property. Only one third feel prepared for a cyber-attack.
Here are a few of the latest trends in cybersecurity:
- In addition to attacks on the banking industry and government, cybercriminals will increasingly focus on healthcare providers, hotels, and other industries that have yet to implement deterrents (like the chip-and-pin card payment system).
- Use of ransomware, or malware designed to install covertly on a computer system and disrupt service until a ransom is paid, is on the rise. Hundreds of millions of dollars have been lost to ransomware, and the average ransom has gone from $294 in 2015 to $679 today. Individuals and organizations alike are susceptible.
- As more and more devices and wearable technologies increase connectivity in the workplace, organizations have to work harder to keep data secure and monitor access. Cloud services, in particular, are difficult to control, with employees often bypassing IT to use what they need.
So what can you, an association leader, do to deter a cyber-attack on your organization? First and foremost, you should take it seriously. Stay current on the trends, talk to your IT team if you have one, and take advantage of cybersecurity information being put forth by organizations like the National Institute of Standards and Technology (NIST). Second, develop a cybersecurity plan and make sure all employees understand and adhere to it. Your plan should address your organization’s policies on company security, use of outside devices, and acceptable use of technology. It should also include a schedule for backing up your systems, updating software, and changing passwords. Finally, make sure your IT is in compliance of federal regulations. For example, in the event of a breach, you may be required to notify the public.
How is your organization addressing cybersecurity?