Nonprofit organizations are the lifeline of many local communities, helping to meet important societal needs that are often under-addressed by the government and the private sector.

While nonprofits scale in size from small community centers to large-scale international projects, the majority of organizations typically run on tight budgets and limited resources. At the same time, nonprofits also collect and store sensitive information including donation information, social security numbers and medical PII, making them ideal targets for cyber criminals. In this regard, nonprofits are very much like their private sector and government counterparts.

As resource-strapped nonprofits must choose where to focus their energy and money, IT and cybersecurity is often underfunded and understaffed, leaving systems vulnerable to data breaches, credential theft, polymorphic phishing attacks and other modern phishing attack techniques designed to trick users and bypass legacy email security safeguards.

Non-profit IT service provider turns to self-learning email security

We recently had a virtual sit-down with Stephanie McKee, Director of Technology Engagement, and Ben Knudson, Technologist, at Apparo, a Charlotte, North Carolina-based tech nonprofit. The organization’s mission is to connect nonprofits with IT education and training, business technology advice and projects, as well as affordable IT solutions.

This Q&A dives into Apparo’s approach to email security, the threat landscape for nonprofit organizations and how IRONSCALES acts as a key anti-phishing layer in conjunction with Office 365 Advanced Threat Protection (ATP) to help their team of 13 simplify email risk mitigation for internal employees and customers.

Q. What are you biggest challenges with phishing threats? How does IRONSCALES help mitigate those?”

Ben: Before we implemented IRONSCALES, our CEO and employees had been receiving quite a few phishing emails and we were only relying on manual processes to detect and respond to suspicious messages. As a nonprofit that collects valuable data to reach people in need, our biggest concern was that our employees would be lured to fake login pages spoofing companies like Dropbox and Microsoft Office365.

Aware of these risks, we initially turned to Microsoft O365 ATP to block these phishing emails from getting in front of our employees. But it simply wasn’t sufficient in protecting against sophisticated attacks and we knew that we needed an additional layer of protection to fully address all of our vulnerabilities.

It only takes a few seconds for a person to interact with a phishing email. Given the rise in prominence and frequency of these fake login page attacks, we’re thankful that IRONSCALES has advanced threat protection to prevent these emails from reaching inboxes in the first place.

Q. Has IRONSCALES shown a real improvement in phishing prevention, detection and response?

Stephanie: For starters, we are amazed by how easy it was to implement the IRONSCALES platform and by the impact of its solutions at a low cost. Since implementation a year and a half ago, IRONSCALES has reduced the amount of phishing emails getting through our email security systems by 99%. Furthermore, with banners, warnings and intuitive self-management, it is clear that IRONSCALES is not only protecting our inboxes by blocking these emails from getting in front of our team, but it is also empowering our employees to stay proactive and vigilant against advanced attacks.

Q. How has COVID-19 impacted your technology and security needs?

Stephanie: Much like every organization across the globe, we had to quickly pivot our strategies to maintain the flow of our business processes and support remote work. For a small tech team that relies on collaboration to support positive change within the community, that meant identifying solutions that were simple, effective and easy to deploy to avoid business disruption and keep our data secure.

In the wake of the pandemic, IRONSCALES has helped us make this transition while effectively managing the increased security vulnerabilities of working from home. We no longer have to worry about rushing to people’s desks to warn them about suspicious emails - IRONSCALES has provided us with a platform to swiftly mitigate risks as we continue to collaborate across a scattered workforce.

Q. Do you think there is a lack of awareness amongst nonprofits on the importance of email security?

Stephanie: Yes, definitely. Cybercriminals are opportunists, and they love an easy target. Nonprofits have long been viewed as low-hanging fruit by phishing attackers because they lack effective email security measures and have a gold mine of collected data from donors, corporate contributors, partners and charities.

Many nonprofits we work with don’t have email security tools besides what’s built into their systems and are simply not aware of how prevalent the threat is. In fact, the most dangerous phishing emails often look so authentic that even trained security personnel cannot identify them.

Ben: Furthermore, leaders of nonprofit organizations should know that adopting such technology doesn’t have to be a daunting and expensive task. We simply need to make it more well known that such options exist, can be easily implemented and won’t require massive security teams to implement.

With recent sophisticated attacks on organizations within the nonprofit sector, such as the recent Blackbaud attack, it is now more important than ever to assess the security infrastructure of your nonprofit to identify and proactively address your vulnerabilities.

Thank you, Stephanie and Ben, for sharing your experience with IRONSCALES.

Interested in learning more about how our self-learning email security platform can help your company reduce email phishing risk? Check out our overview page.

Eyal Benishti
Post by Eyal Benishti
October 29, 2020