Small not-for-profit calls time on cybercrime

Many not-for-profits and charities readily admit they are fearful of falling victim to cyber criminals.

Despite this acknowledgement, a string of surveys, such as the recent 2023 Digital Technology in the Not-for-Profit Sector report from Infoxchange, have revealed the sector is woefully unprepared to face the threat.

So much so, just 13% of NFPs have a plan to boost their cyber defences, even though an estimated one in eight has been subjected to a cyber attack in the past year, .

One small community service organisation, though, has proved determined to take control of its own data destiny.

Child & Family Services (CAFS) Ballarat, in regional Victoria, has signed a deal with IT company Macquarie Cloud to adapt a cyber defence solution to suit its not-for-profit needs.

Founded in 1866, CAFS offers access to more than 50 programs designed to enhance the wellbeing of children, young people and their families.

Its services are used by more than 6,500 people across the Grampians and Central Highlands in Victoria.

The nature of CAFS' work means it holds sensitive information, and its communities trust it to protect it.

The IT agreement will see Macquarie develop cyber threat intelligence capabilities including AI-powered security analytics, real-time detection and response, and the ability to connect intelligence from multiple sources.

CAFS cyber security and infrastructure specialist Chris Hunter said the new platform would not only better protect client data from being compromised but also help boost the digital transformation of his organisation.

Along with becoming more cyber resilient, the CAFS team was keen to embrace the opportunities presented by new technologies such as AI and automation to supercharge projects already underway within the organisation.

“We know these technologies can make service delivery better and easier, but you need to have the right foundations to support all the data, and they need to be secure,” said Chris.

Like many small NFPs, however, CAFS has only a small ICT team and relies on external expertise when it comes to increasing its level of data maturity.

Mr Hunter said the new deal would enable his team to use AI and automation to improve administrative tasks and workflows and gain access to invaluable external IT and security support.

“NFP organisations often have distinct requirements when it comes to digital information protection due to their unique operational structures, complex legislation requirements and the nature of the data they handle.

“Unlike for-profit entities, NFPs may not have the same level of resources to invest in cybersecurity, yet they manage sensitive donor information and confidential data for the community they serve.”

Mr Hunter said he had been impressed by the Macquarie team’s efforts to take the time to understand CAFS' unique business needs as an NFP.

“Forging a partnership with a leading Australian cyber security enterprise not only fulfils our client safety priorities but also propels us towards the adoption of cutting-edge technologies,” he said.

“They were also willing to be flexible in the commercial arrangements, helping us to make the business case with key stakeholders and get the investment over the line.”

Mr Hunter said it was important to have a cyber defence capability developed specifically to meet the needs of a small NFP such as CAFS.

“Establishing a robust cyber defence capability is critically essential for NFP organisations, given our frequent handling of confidential information and typically constrained financial resources.

“Crafting a bespoke cyber defence plan is imperative for the protection of an organisation’s electronic assets from cyber threats, which pose a significant risk to not-for-profits that depend heavily on the confidence of the public and the backing of donors.”

Mr Hunter said he hoped other NFPs would follow CAFS' lead and adopt cyber security solutions tailored to their needs, which in turn would help create a sector-wide community of practice.

“Such an initiative could foster community collaboration in cyber security, leading to a fortified defence as organisations pool resources, expertise, and strategies to bolster their joint security stance,” he said.

“It’s a collective endeavour, and unity in action can significantly enhance the resilience of the entire [NFP] community against cyber threats.”

Naran McClung from Macquarie Cloud Services said the NFP sector was one of Australia’s largest employers, accounting for 10.5 per cent of the Australian workforce and generating $190 billion in revenue.

“There’s a strong desire to bolster cyber security standards within the sector given the high volumes of sensitive data, and it’s a real pleasure to be able to meet that demand head-on and within already tight budgets,” he said.

Mr McClung said CAFS was setting the standard for NFPs when it came to cyber security planning.

“There’s a common misconception that the tools and systems it [CAFS] has in place are only within reach for large enterprises and government agencies, which couldn’t be further from the truth,” he said.

More information

NFP sector calls for a seat at Canberra's cyber security table

Report a technology wake-up call for NFP sector