Cybersecurity Information for Nonprofits

"Scammed San Francisco Nonprofit Falls Victim to Costliest Type of Cybercrime”

In April 2022, thieves hacked the email account of the nonprofit's bookkeeper, then inserted themselves into a long email thread, sent messages asking to change the wire payment instructions for a grant recipient, and made off with $650,000.

Source: https://www.cbsnews.com/sanfrancisco/news/scammed-san-francisco-nonprofit-falls-victim-to-costliest-type-of-cybercrime/

It can and does happen to organizations like yours

Nonprofit organizations often believe they are not an active target for cybercriminals. This is a misconception that can lead to a devastating outcome. With an extensive list of initiatives, limited resources, and employee turnover, security planning can be overlooked for too long.

Protecting your organization should be a top priority and, with our help, educating your employees about cybersecurity doesn’t have to be intimidating. Start by following the 5 Es of cybersecurity below.

Establish

Understand every step of your business process
- Determine where there may be risks, and develop controls to mitigate them
Create procedures that are well-defined, repeatable, and testable
- Include testing of the controls

Enforce

Follow your tested procedures
- Do not deviate unless there is a valid reason; deviations should have secondary review and the nature and reason documented
Consider rewriting your procedures if there are frequent deviations

Educate

Understand current and emerging threats including malware, phishing, social engineering, etc. and best practices to protect against them
Train employees to recognize red flags within emails and text messages, and understand the escalation process in the event one appears

Empower

Give your employees the ability to question when something doesn’t seem right (e.g., when an employee suddenly begins receiving emails from the CEO)
Make it convenient and comfortable for employees to speak up when they have questions

Evolve and Enhance

Be mindful of the consistently changing threat landscape
- Criminals are evolving to elude security efforts too
Monitor and modify your procedures to align against the changing threat environment as often as possible
Review, test and modify procedures and continuity plans on a predetermined schedule – do not deviate from the schedule

Ready to Help

PNC Institutional Asset Management^® assists nonprofits in understanding the identification of red flags and communicating cyber hygiene best practices. If your organization would like assistance, please reach out to your PNC Representative or submit this Contact Us Form.

Schedule an appointment

SCHEDULE NOW

Find a branch near you

FIND NOW

Important Legal Disclosures and Information

The information and materials were prepared for general information purposes only and are not intended as legal, tax or accounting advice or as recommendations to engage in any specific transaction, including with respect to any securities of PNC, and do not purport to be comprehensive. Under no circumstances should any information contained in these materials be used or considered as an offer or commitment, or a solicitation of an offer or commitment to participate in any particular transaction or strategy. Any reliance upon any such information is solely and exclusively at your own risk. Please consult your own counsel, accountant, or other advisor regarding your specific situation. Any opinions expressed in these materials are subject to change without notice.

The PNC Financial Services Group, Inc. (“PNC”) uses the marketing name PNC Institutional Asset Management® for the various discretionary and non-discretionary institutional investment, trustee, custody, consulting, and related services provided by PNC Bank, National Association (“PNC Bank”), which is a Member FDIC, and investment management activities conducted by PNC Capital Advisors, LLC, an SEC-registered investment adviser and wholly-owned subsidiary of PNC Bank. PNC does not provide legal, tax, or accounting advice unless, with respect to tax advice, PNC Bank has entered into a written tax services agreement. PNC Bank is not registered as a municipal advisor under the Dodd-Frank Wall Street Reform and Consumer Protection Act.

Used with permission.

This material is intended to provide readers with useful information. The articles and other publications referenced in these materials are produced by persons or entities unaffiliated with PNC. Any statements or opinions contained in such articles or other publications are those of the author thereof and do not necessarily represent to the view of PNC or any of its affiliates. Nothing herein constitutes the provision by PNC of legal, tax, accounting, or investment advice to any person or a recommendation to buy or sell any security or adopt any investment strategy. PNC is not responsible for the accuracy of the information contained in this material or any articles or publications referenced herein.

PNC uses the marketing name PNC Institutional Asset Management® for the various discretionary and non-discretionary institutional investment, trustee, custody, consulting, and related services provided by PNC Bank, National Association (“PNC Bank”), which is a Member FDIC, and investment management activities conducted by PNC Capital Advisors, LLC, an SEC-registered investment adviser and wholly-owned subsidiary of PNC Bank. PNC does not provide legal, tax, or accounting advice unless, with respect to tax advice, PNC Bank has entered into a written tax services agreement. PNC Bank is not registered as a municipal advisor under the Dodd-Frank Wall Street Reform and Consumer Protection Act.

“PNC Institutional Asset Management” is a registered mark of The PNC Financial Services Group, Inc.

Investments: Not FDIC Insured. No Bank Guarantee. May Lose Value.