
Top 5 Cybersecurity Threats Every Association Professional Must Know

A 2023 report estimated that 27% of nonprofits were victims of a cyberattack.

Could your association be next? Maybe, but that doesn’t mean you’re helpless.

Recognizing you’re a target is the first step. The next step is identifying the top risks so you can come up with adequate prevention and response plans.

Here are five cybersecurity risks that all association professionals need to consider:

1. Phishing Emails

Back in 2016, there was a wave of phishing attacks targeting bar associations specifically. Members would get bogus emails impersonating association executives.

To create a sense of urgency, the phishers would try to convince members they were the subject of disciplinary complaints. The complaint link, however, would either leak confidential information or install malware on the member’s device.

Some bar associations had to issue warnings, letting the members know which domain to trust.

Unfortunately, phishing attacks are still active, and people are often the weakest link. Train the members and the association professionals, and you’ll ward off most phishing attempts.

Side Note: Phishing can be done over SMS, social media, and even voice calls.

2. Ransomware

In a ransomware attack, the attacker looks for a way in and encrypts the data of the victim, who could be a member or an executive.

Paying the ransom doesn’t even guarantee that the victim will regain access to the files and systems. Sometimes, attackers will also threaten to publish critical info.

What does the “way in” look like? Well, you can unknowingly download ransomware by clicking on an ad, following a link, or simply visiting an infected website.

That’s why anyone who handles sensitive member data needs to use firewalls and do regular backups.

3. Third-Party Exposures

Associations might rely on third parties for payments, event planning, fundraising, and more. The issue here is that third-party relationships can open the door to more data breaches.

That’s why vetting every contractor and partner you deal with is a must. If they’re vulnerable, so is your data.

4. IoT Attacks

In 2017, the American Society of Association Executives (ASAE) reported that using mobiles for work was no longer a top security concern. Instead, the Internet of Things (IoT) was the main risk that would cause “trouble ahead.”

The ASAE had a point. More than half of all organizations suffer from attempted attacks on IoT devices every week.

After all, many devices we use are designed for convenience rather than security. Think of wearables, IP cameras, and audio-video devices. Yet, they all operate on the same network you use, acting as a weak link in your cybersecurity chain.

5. DDoS Attacks

A Distributed Denial of Service (DDoS) attack can cripple domains for hours. This alone can be very damaging to an association’s reputation.

However, things can get even worse—the DDoS attack could be a smokescreen. Attackers might be using the denial of service to mask ransomware infiltration.

Final Words of Advice

Don’t ask “if” an attacker will target your association. Assume a cyberattack will eventually happen and start planning accordingly!

Did you know? Every October is Cybersecurity Awareness Month, and there are a host of free resources to distribute to your team. You can start by visiting CISA.gov and downloading their free toolkit!