On March 12, 2024, the Australian Signals Directorate (ASD) released a cybersecurity guide for charities and nonprofits that outlines measures the organizations can take to support their cybersecurity efforts.

The guide explains that cyber threats are on the rise with phishing, business email compromise, and ransomware being the most common types of attacks. The guide warns that the effects of a cybersecurity incident can include financial loss, data breaches, and reputational damage.

In response, the guide outlines a cybersecurity checklist for charities and nonprofits containing measures that can help mitigate cyber threats. These measures include:

• turning on multi-factor authentication;
• checking that automatic updates are on and installing updates as soon as possible;
• backing up important files and device configurations often;
• providing cybersecurity training, particularly on how to recognize scams and phishing attempts;
• using access controls and reviewing them often;
• testing cybersecurity detection, incident response, business continuity, and disaster recovery plans often; and
• reporting a cybercrime, incident, or vulnerability to prevent further harm.

Finally, the guide highlights case studies illustrating different cybersecurity breaches that have affected various charitable organizations and the mitigation measures taken after the breaches.

You can read the guide here and the cybersecurity checklist here.