In recent months, our community, yeshivos, shuls and other institutions have seen a disturbing rise in cybersecurity attacks targeting both businesses and nonprofit organizations. Several local organizations have already fallen victim, rachmana litzlan, to these sophisticated attacks, resulting in huge financial losses, data breaches and damaged reputations. This is not a distant threat—it is happening right here, right now, to people and institutions that we know. We don’t hear about it because no one wants their supporters and/or customers to think that they can’t be trusted.
A Halachic Obligation
Rabbonim should consider emphasizing this message to their congregants. There is a mitzvah to be “chas al mammon Yisroel” — to protect the financial resources of our community [marei mekomos— sources—at the end of this article]. In today’s world, this mitzvah clearly extends to cybersecurity protection. Everyone (see marei mekomos) has a responsibility to educate their shuls and communities about these modern threats to financial well-being and organizational stability.
What You Need to Know
Cybercriminals are becoming increasingly sophisticated. They are using artificial intelligence and advanced technologies to create very convincing fake emails, messages and websites that appear legitimate. These attacks are far more sophisticated and more frequent than ever before, significantly more convincing and harder to spot, and potentially more damaging to your organization’s finances and reputation than previous threats.
The Business Email Compromise (BEC) Threat
One of the most common attacks is called Business Email Compromise (BEC). Here’s how it works in simple terms: A hacker sends an email that looks like it’s from someone you know and trust, such as your boss, a vendor or a donor. The email typically asks for a payment, a wire transfer or confidential information. If you respond without properly verifying the request, your organization could lose money or sensitive data.
Essential Steps Every Organization Must Take
- Get Cybersecurity Insurance IMMEDIATELY
It is potentially negligent and a true pshiyah (crime) not to have cybersecurity insurance in today’s digital environment. This insurance is relatively inexpensive compared to the catastrophic costs of a breach. Companies like AmTrust Financial offer these policies, though of course, I don’t specifically endorse any particular provider. The cost of such insurance is minimal compared to the devastating financial impact a successful cyberattack could have on your organization.
- Train Your Staff —ALL Staff
Everyone in your organization needs basic cybersecurity training. This includes teaching staff how to identify suspicious emails, understanding what file attachments are safe to open, knowing the proper procedures when emails are quarantined by your system, and learning the immediate steps to take if you suspect a hack has occurred. Regular training sessions should be conducted to keep everyone updated on the latest threats and prevention techniques.
- Slow Down and Be Vigilant
The single most effective defense is simply slowing down and paying careful attention. You should always double and triple-check sender email addresses and look for slight misspellings that might indicate a fraudulent message. When receiving requests for money or information, verify these requests through a different communication channel, such as picking up the phone and calling the supposed sender directly. Be especially suspicious of urgent requests or messages creating pressure to act quickly, as this is a common tactic used by cybercriminals to bypass your normal verification procedures.
- Take Advantage of Free Resources
Every nonprofit in New York State should apply for the NYS Cybersecurity Grant Program, which is a valuable funding opportunity designed to help organizations improve their security posture. Additionally, CSI offers free cybersecurity assessments for nonprofits that will identify your specific vulnerabilities and provide detailed recommendations to address each one. Taking advantage of these resources can significantly enhance your organization’s security without straining your budget.
- Work With Trusted Experts
Invest in a relationship with a reputable IT/cybersecurity consultant who understands your organization’s specific needs. This is not the place to cut corners or seek the lowest bidder. A qualified consultant can provide ongoing monitoring, regular security updates and immediate response in case of an incident. Their expertise is invaluable in preventing attacks and minimizing damage if a breach does occur.
What to Do if You’ve Been Hacked
If you discover that your organization has been hacked, you must act quickly as every minute counts in limiting the damage. Immediately disconnect any compromised devices from your network to prevent further spread of the attack. Contact your IT provider right away so they can begin containment and recovery procedures. Report the incident to appropriate law enforcement agencies, as they may have resources to help track the perpetrators. Finally, notify any affected parties as required by law, particularly if personal or financial information has been compromised.
Final Warning
The threat is real and growing. AI-powered attacks are increasing exponentially, and no organization is too small to be targeted. The question is not IF you will be targeted, but WHEN—and whether you’ll be prepared. Cybercriminals see smaller organizations and nonprofits as particularly attractive targets because they often have fewer security resources while still handling valuable financial transactions and sensitive data. They also research carefully, and they do these scams all day.
Don’t wait until it’s too late. Take action today to protect your organization, your donors, your clients and your community. The modest investment in security measures now could save you from devastating losses in the future.
Marei Mekomos (Sources)
The Origin of Plain Tachrichim
The Gemara in Moed Katan 27b tells us that when Jews were burying their dead in the finest clothing, Rabban Gamliel HaZakain arose and declared that enough was enough. The rising pressures, the “keeping up with the Joneses” in how to dress the deceased was causing enormous economic pressure on the living. “It must stop,” declared the rabbi, and the tachrichim, burial shrouds, we now use became the norm.
Boycotting Fish
The great Tzemach Tzedek (of 17th century Poland), cited by the Magen Avrohom in the beginning of hilchos Shabbos, once ruled (Responsa #28) that when local fishermen collude and raise the price of fish excessively, a prohibition can be levied upon the consumption of fish on Shabbos. It may take a week or two or even three, but eventually the collective buying power of ordinary people would force the price back down.
Obligation Upon Everyone
We will see, however, that it is not just great Torah leaders who have saved and are concerned for the financial well-being of their fellow Jews. It seems that this is what is expected by the Torah of everyone. The Gemara (Menachos 76a) tells us that Hashem commanded Moshe to also feed the nation’s livestock from the water that He had caused to emanate from the rock at Mei Merivah. Also, Rashi (Rosh Hashanah 27a) points out that the Kohen first removes the vessels from the house before declaring a house impure. So we see examples of the Torah being concerned with the financial well-being of the Jewish nation.
For the Public and for Private Individuals
The difference between the two cases is that the former is for the entire nation, while the latter demonstrates that the Torah is concerned even for the individual’s finances.
Social Norm and Torah Obligation
The Chasam Sofer on Bava Basra (54b) states that, generally speaking, one can make the assumption that fellow Jews are concerned with the monetary well-being of their fellow man, and that this assumption has legal ramifications. So we see that it is the normal behavior expected of all Jews. Rabbi Yaakov ben Asher, author of the Tur, discusses (in the Choshen Mishpat section of Shulchan Aruch, chapter 35) a person who does not care about Jewish money, and he writes that such a person will, in the future, surely answer for it. The Minchas Chinuch writes that one who is concerned about the preservation of his fellow Jew’s money fulfills the biblical commandment of “V’ahavta l’rei’acha kamocha— Love your neighbor as yourself” (see his commentary on that mitzvah). The clear indication from all these sources is that demonstrating concern for the financial well-being of others is not just a mitzvah, it is an expected social norm with reward for those who do it and punishment for those who do not.
*This warning is issued out of concern for all organizations in our community. Please share widely to help protect others.
The author can be reached at [email protected]
