About
Foundational Principles In the Community Diversity, Equity & Inclusion Technical Excellence Alumni TIAG Membership
Careers
Why Cohen & Co Our Culture Total Rewards & Benefits Early Career Opportunities Experienced Opportunities Join Our Talent Community
Contact
Akron, OH Baltimore, MD Buffalo, NY Chicago, IL Cleveland, OH Deer Park, IL Denver, CO Detroit, MI Milwaukee, WI New York, NY Philadelphia, PA Pittsburgh, PA St. Clair Shores, MI Youngstown, OH
Client Portal
Services Industries Knowledge Center People

About Our Services

We offer tailored solutions — whether private company or owner; public or private fund, adviser or fund service provider; or Fortune 1000 enterprise. Learn how we can help you.

Find Services

Assurance Services

Employee Benefit Plan Audits Internal Controls Investment Company Audits Private Company Audits

Tax Services

Federal Tax Planning & Compliance High Net Worth & Wealth Transfer International Filings & Structuring Investment Company Tax State & Local Tax Tax Credits & Incentives Transaction Tax Planning

Advisory Services

Business Valuations Data & Insights Digital Finance Solutions IT Strategy & Implementation Litigation Support Services M&A Advisory Outsourced Accounting Solutions Transaction Services Turnaround & Restructuring

Our Industry Expertise

Our industry experience means you can find professionals who speak your language and bring earned insights to the table. Learn how we can help you.

Explore Industries

Key Industries

Digital Assets Investment Companies Manufacturing Private Companies Private Equity Real Estate & Construction Technology & Life Science
VIEW THE COMPLETE LIST

Knowledge Center

Our team wants to help your team stay up to date. Browse our thought leadership, events and news for insights and a point of view on business-critical topics.

Find Insights & Events

Insights

Browse valuable articles and publications our experts have written to help you and your organization answer key questions — and consider new ones.

Read Our Insights

Events

Join us in person and online for events that address timely topics and key business considerations.

Explore Our Events

News

Find out what is happening at Cohen & Co, from industry recognitions and growth updates, to where we are contributing to important media stories.

Read Our News
People
Foundational Principles In the Community Diversity, Equity & Inclusion Technical Excellence Alumni TIAG Membership
Why Cohen & Co Our Culture Total Rewards & Benefits Early Career Opportunities Experienced Opportunities Join Our Talent Community
Akron, OH Baltimore, MD Buffalo, NY Chicago, IL Cleveland, OH Deer Park, IL Denver, CO Detroit, MI Milwaukee, WI New York, NY Philadelphia, PA Pittsburgh, PA St. Clair Shores, MI Youngstown, OH
Client Portal
Back to Insights

The 2 Most Common Cybersecurity Attacks Your Not-for-Profit Will Want to Avoid

July 30, 2019 Not-for-Profit

Cybersecurity threats, data breaches and email fraud have become part of the daily headlines, impacting businesses and organizations of all sizes and from all industries. During 2018, an estimated 5 billion records were breached world-wide, costing companies an average of $3.86 million per breach. It’s estimated that over the next two years cybercrime will cost companies and organizations a collective $6 trillion!
 
In addition to the monetary cost of a data breach, cyberattacks can be even more damaging to not-for-profit entities due to the potential loss of donors and stakeholder confidence. This could impact the ability of an organization to carry out its mission and achieve its goals.
 
With the growing number of cybercriminals, complexity of attacks and speed in which threats adapt, it may no longer be a question of if your organization’s network will be compromised, but rather when. Below takes a brief look at the different types of popular cyberattacks currently and what steps your not-for-profit can take to best protect itself.

1. Phishing (or Spear Phishing) and Whaling (or C-Level Fraud)

These are cyberattacks that have been around for some time but continue to be a very effective form of attacks used by hackers.
 
Carried out via email, today’s phishing attempts have grown complex and difficult to detect. Often a hacker will impersonate a known stakeholder, such as a vendor, donor or beneficiary. The hacker will ask the unsuspecting employee for confidential information or money, attempting to appeal to the unsuspecting employee’s willingness to help those in need.
 
Whaling is very similar to phishing; however, whaling impersonates an organization’s C-level executive. In most cases, these attacks are thoughtfully carried out over a longer period of time, in which the hacker researches the executive before attempting to trick an unsuspecting employee.
 
The best protection against phishing and whaling attacks is to train employees to be vigilant and aware that these types of schemes are out there. Have a policy in place for what employees should do when unusual email requests are made, even if the email’s sender appears to be known to the organization. Run phishing attack simulations to test and train employees to be on-guard against these attacks.

2. Cryptojacking and Ransomware

These types of attacks are carried out through the use of malicious software that has worked its way onto your network through a network breach.
 
Cryptojacking is when cybercriminals find a way to secretly access your computer to mine cryptocurrency. Cryptojacking can infect your organization’s website, in turn infecting the computers of your website visitors, or your organization’s computers when someone visits an unknowingly infected website. Once a computer is infected, this bug hijacks its processing power to carry out the secret cryptomining activity, slowing down the computer and network.
 
Ransomware is an even more invasive type of cyberattack in which hackers gain access to an organization’s network and install malicious encryption software to lockdown and hold your organization’s data hostage until a ransom is satisfied.

How to Protect Your Not-for-Profit Against These Attacks

While cryptojacking and ransomware are the two most common forms of cyberattacks occurring today, below are some key steps to help protect your organization against any cyber threats:

  • Have strong password controls,
  • Actively update anti-virus software,
  • Review firewall and server activity logs,
  • Change default passwords on all network connected devices,
  • Ensure systems are all up-to-date with the most recent security patches,
  • Regularly scan your organization’s computer systems and network for unauthorized devices.
  • Make employees aware of common security threats through training and
  • Properly back up critical data.

Please contact Marie Brilmyer at mbrilmyer@cohenco.com or a member of your service team for further discussion.
 
Cohen & Co is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.

Sign Up for Our Emails & Events

Receive insights from our specialists in a variety of areas and timely information on upcoming events directly to your inbox as they go live in our online Knowledge Center.

Subscribe Today
Top
Subscribe to our newsletter
About Contact Submit RFP Privacy Policy

"Cohen & Co" is the brand name under which Cohen & Company, Ltd. and Cohen & Co Advisory, LLC, and its subsidiary entities, provide professional services.

Cohen & Company, Ltd. and Cohen & Co Advisory, LLC practice in an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards.

Cohen & Company, Ltd. is a licensed independent CPA firm that provides attest services to its clients. Cohen & Co Advisory, LLC and its subsidiary entities provide tax, advisory and business consulting services to their clients and are not licensed CPA firms.

The entities operating under the Cohen & Co brand are independently owned and are not responsible for the services provided by any other entity operating under the Cohen & Co brand. Our use of terms such as “our firm,” “we,” “us” and other terms of similar import denote the alternative practice structure of Cohen & Company, Ltd. and Cohen & Co Advisory, LLC.

© 2025 Cohen & Co