Cybersecurity has become a critical issue for all organizations. A few examples underscore just how serious this threat has become. The military has set up the Cyber Command, a unified combatant command to defend the United States against cyberattacks from foreign powers. The Securities and Exchange Commission has also taken great interest in this area. Public companies are required to report any material breaches of their critical information systems, analyzing the legal, financial and reputational consequences of such actions.
Somehow, the message about this threat has not filtered down to some governmental entities and not-for-profit (NFP) organizations. An amazing example of poor internal controls is unfolding in Baltimore, Maryland. As this blog is being written, the city’s information systems have been held hostage for the last nine days. There doesn’t seem to be any end in sight to the problem either. The city’s email and critical billing and payment systems are at a standstill. Baltimore has been reduced to receiving checks as payment. One can only imagine the accounting nightmare this will cause after everything is sorted out.
What is even more amazing is that the city suffered a previous cyberattack. Chillingly, that attack disabled the 911 system over a weekend period, putting people’s lives in danger. The city had to revert to manual processing of 911 calls. One would have thought this would have been a clear warning about the dangers of the situation.
Many NFPs are in the same situation. They don’t understand the threat or don’t have the resources to take preventive action. Even worse, some stick their heads in the sand and say they are too small to warrant attention from hackers. Nothing could be further from the truth. The information systems of one of my clients, a small church, were hacked with ransomware. Church management wisely chose not to pay the ransom and proceeded to restore their information systems. Sadly, not only was there inadequate protection against hacking, but there was no backup. They were forced to redo all transactions for the year. Fortunately, the volume of transactions was not immense, and the church was able to recreate its records. Yet, it took a lot of effort that could have been deployed elsewhere. After all, resources at most NFPs are in short supply.
Cyberattacks on governmental agencies and NFPs are on the rise. Is another catastrophe such as what happened in Baltimore required for everyone to take notice of this threat?