But all’s not doom and gloom. Nonprofit organizations can leverage automated email security platforms to mitigate these issues, also freeing up what IT resources they do have to focus on bigger picture issues around cybersecurity and other technology needs.
Why email security is a must-have for nonprofit organizations
Today, 90% of all cyberattacks begin with a well-crafted phishing email that lures a click or download, or entices an illegitimate action, such as a wire transfer or credential sharing.
Nonprofits have long been viewed as low-hanging fruit for phishing attacks by hackers because, more often than not, such organizations lack email security safeguards while staff and volunteers may not be educated on how to best spot what’s real from what’s fake. In fact, a recent report from the NTEN found glaring gaps in nonprofit cybersecurity postures, including a lack of training and little monitoring of devices used by employees.
One example of an organization that’s taken preventive measures to protect their donor base and network of partners is Charlotte, North Carolina-based tech nonprofit Apparo. As their mission is to help other nonprofits overcome tech problems, they knew they needed to walk the talk with an extra layer of email security on top of Microsoft O365 Advanced Threat Protection (ATP), now known at Microsoft Defender, which wasn’t sufficient in stopping phishing attacks.
Why? Microsoft ATP, known as a secure email gateway (SEG), isn’t built to stop phishing emails that contain no links or attachments. At this point, I’d expect almost everyone has seen an email impersonating their CEO or colleague asking for a quick task. The kicker there is that, because it’s only text, SEGs have an extremely difficult time identifying the message as malicious.
To mitigate risk, Apparo implemented a security solution that scrapes metadata and utilizes emerging technologies such as natural language understanding to block text-only phishing emails. After implementing the platform, Apparo saw a 99% decrease in phishing attacks penetrating inboxes.
According to Stephanie McKee, director of technology engagement at Apparo, the “banners, warnings and intuitive self-management not only protects our inboxes by blocking these emails from getting in front of our team, but it is also empowering our employees to stay proactive and vigilant against advanced attacks.” This dual approach to email security (technology and human intelligence) is key to mitigating risk.
McKee also notes, “Leaders of nonprofit organizations, like those Apparo serves, should know that adopting such technology doesn’t have to be a daunting and expensive task. We simply need to make it more well known that such options exist, can be easily implemented and won’t require massive security teams to implement.”
Cybersecurity solutions often have a bad reputation for being costly and technologically complicated to manage. But for nonprofits, email security can be a simple, non-time-intensive implementation with seamless integrations into current email and IT systems. With no security expertise needed or custom configurations, there’s a clear path forward for nonprofit organizations looking to protect their employees, donors and sensitive data. That path begins with emphasizing email security.
Eyal Benishti has spent more than a decade in the information security industry, with a focus on software R&D for startups and enterprises. Before establishing IRONSCALES, he served as security researcher and malware analyst at Radware, where he filed two patents in the information security domain. He also served as technical lead at Imperva, working on the Web Application Firewall product and other security solutions. A passionate cyber researcher from a young age, Eyal holds a degree in computer science and mathematics from Bar-Ilan University in Israel.