GrantBook was contacted by its client, a small family foundation, when a staff member noticed files missing from the usual folders……..with foreign files showing up in their place. They were in a bit of a panic as all preparations for the board meeting the next day had disappeared!
Is the charitable sector immune to cyber attacks?
The recent cyber attacks on Carleton University (Canada) and the San Francisco local transit authority, with ransomware hackers demanding $39,000 and $93,000 respectively, may have gone unnoticed to professionals working in the philanthropic sector.
However, around the same time a Canadian foundation was also attacked. Again, hackers deployed ransomware*and were demanding payment to restore access to foundation files.
*Ransomware is a type of cyber attack (malware) that sends a virus through an organization, encrypting files with a password known only to the hackers. A financial ransom is demanded from the victim to unlock the files and regain access. Without the password, organizations find it extremely difficult to decrypt and get their information back in good condition. For example, the University of Calgary made the controversial choice to pay a $20,000 ransom earlier this year to regain access to their systems.
How BOX saved the day
This foundation stores their files in a cloud-based software called Box. Everyone uses the tool, Box Sync, to keep files synchronized between a personal desktop folder and the Web.
The ransomware virus deleted all the files on the infected computer (including files in the Box Sync folder), replacing them with garbled-looking, encrypted copies. Box Sync then shared these “updates” with the rest of the team, syncing the encrypted (bad) files to all computers in the organization.
The GrantBook team reviewed usage logs to identify the infected computer (likely infected after the user clicked a link in an email). Box’s file history was used to reverse the damaging changes (made by the hackers). GrantBook got the foundation up and running again – just in time for their end of year board meeting!
While initially, Box made the problem worse by spreading these bad files, Box ultimately saved the day.
Protect your Foundation: Digital Risk Management
Too often, foundations do not utilize standard risk management practices, including adequate protection against technology risks. This puts operations and confidential information at risk of threats such as hard drive failure, computer theft and ransomware.
Without a robust Cloud storage tool like Box, the foundation would have been faced with the choice of paying ransom (with no guarantee of having the files released), or accept the loss and start over.
Consider Cloud-based Tools
Adoption of cloud-computing in the philanthropic sector is increasing. However, many foundations believe files stored outside of physical computers (and out of immediate control) are at risk of a cyber attack. This fear is based on the assumption that files are more secure if access, storage, security and backups are fully managed in-house.
GrantBook believes that the right Cloud-based tools, combined with best practice enterprise-wide risk management standards (including technology risk mitigation) can enable philanthropists to focus more of their time and efforts on solving world problems.