A new article in the Chronicle of Philanthropy, “Nonprofits Are at Risk of Cyberattacks. Here’s What You Need to Know,” by Ben Gose, highlights the digital security threats facing many nonprofit organizations — and the expanding network of resources available to help them defend themselves online.
The article spotlights the work of UC Berkeley’s Citizen Clinic, a trailblazing course led by CLTC and the UC Berkeley School of Information, through which students are trained to provide digital security assistance to client organizations.
Gose leads the article with the example of Land Is Life, a New York-based nonproﬁt that provides support resources (including digital security) to Indigenous rights organizations. “Cyberattacks are a growing menace to nonproﬁt organizations around the world, and Land Is Life is no exception,” Gose writes. “Land Is Life received pro bono assistance from a student-led clinic at the University of California at Berkeley’s Center for Long-Term Cybersecurity to make sure the grant applications — and the charity’s own data — are secure and don’t fall into the hands of those threatening Indigenous people in the ﬁrst place.”
Land Is Life “has plenty of company,” Gose notes, “as more and more charities seek to keep their data safe from cyberattacks…. Nonproﬁts are an attractive target for cybercriminals because many do little to defend against attacks yet possess valuable data, including donor records. The pandemic, which led to an abrupt change to remote work, left many charities even more exposed.”
Ann Cleaveland, CLTC’s Executive Director, told Gose that “a major hurdle for many organizations is ‘lack of agency’ — the feeling that they simply can’t match up against the dark forces trying to hack into their systems.”
“Nihilism is probably too strong a word,” Cleaveland said, “but deﬁnitely everybody is feeling overmatched.”
After outlining the challenge, the article focuses on emerging solutions, sharing insights from leaders from a range of public interest cybersecurity organizations, including TechSoup, Tech Matters, CyberPeace Institute, NTEN, as well as private companies such as DeleteMe and Microsoft, and nonprofits like Stand for Children and Catholic Relief Services.
The article explains that “some grant makers, including the William and Flora Hewlett Foundation…, Craig Newmark Philanthropies, and the Gula Tech Foundation, have made cybersecurity a priority. And an open letter signed in April by more than 30 charities and foundations calls on donors — particularly technology billionaires — to increase the sliver of philanthropic spending that goes toward cybersecurity.”
The Center for Long-Term Cybersecurity “has big expansion plans for its Citizen Clinic,” Gose wrote, citing CLTC’s role in establishing the National Consortium of Cybersecurity Clinics, together with the Massachusetts Institute of Technology, the University of Alabama, Indiana University, and other colleges and universities.
“The consortium hopes to add more college and university partners and spread to states and regions throughout the country, helping small nonproﬁts and others that can least afford cybersecurity technical assistance,” Gose said.
“We are very hopeful that funders will be interested in this,” Cleaveland said. “It’s a way of addressing this market failure — a way of getting around this issue of helping nonproﬁts that are starved for overhead.”