Cyber Security During the Ukraine Humanitarian Crisis

As a result of the Ukraine invasion and increased sanctions, MPN is hearing from colleagues that several foundations are seeing an increase in unusual network activity and attempted breaches for their foundations and their nonprofit partners. We would like to share some helpful tips from the Technology Association of Grantmakers (TAG) to raise awareness and ensure your team, partners, and assets stay protected.

Here are simple ways to ensure your organization is being proactive:

Communicate:

• Make sure your entire staff, not just IT, is aware of the potential threat in a calm, non-inflammatory fashion.
• Remind your team about the risks of being phished and consider a "refresher" security awareness training session.
• Ask your team to be on the lookout for anything that “seems weird.” Adopt an approach of “If you see something, say something.”

Secure:

• Enable and enforce multi-factor authentication (MFA) where possible.
• Make sure that your HR systems and other systems that contain sensitive PII (personally identifiable information) are locked down.

Monitor:

• Keep a close eye on network traffic and security logs.
• Use configuration management to manage what files should and should not be on your critical infrastructure. If you see new files appearing that you didn’t create, that’s a red flag.
• Be aware of financial activity in your organization, and be on the lookout for financial fraud attempts.

You can view additional tips from the Cybersecurity & Infrastructure Security Agency at https://www.cisa.gov/shields-up.