A collaboration between the UC Berkley’s Center for Long-Term Cybersecurity, San Francisco’s Office of Cybersecurity under the Department of Technology, and San Francisco’s Digital Equity has produced a report providing cybersecurity guidance for nonprofits and city entities in San Francisco. The report, CyberCAN: Cybersecurity for Cities and Nonprofits, Strategic Recommendations for the City and County of San Francisco to Improve Nonprofit Cybersecurity, emphasizes that a high number of nonprofits, 85%, have reported being cyber attack victims at least once. Unfortunately, these nonprofits also tend to lack the staff capable of mitigating such attacks. According to the report, 53% of these nonprofits “have no full-time IT staff” and “do not offer any type of cybersecurity awareness training for employees.” These attacks can lead to very serious data compromises, like the exposure of social security numbers. However, nonprofits are integral to assisting cities in providing community services and need to continue to operate, even with minimal funding.
To mitigate the cybersecurity risks, this report proved six key recommendations for city governments to assist with:
- “Provide regular cybersecurity advice and assistance to local nonprofits.
- Host an annual cybersecurity convening for nonprofits to learn and
network with cyber professionals. - Create a nonprofit cybersecurity resource webpage for the city
government website. - Offer cybersecurity funding opportunities for nonprofits to hire, or
contract, cybersecurity talent. - Host student interns to work with nonprofits on cybersecurity issues.
- Provide local nonprofits with low-cost access to critical cybersecurity
tools and software.”
For more information on this topic, check out the HSDL’s In Focus topics on Cyber Policy and Cyber Threat Actors.