8 Ways Nonprofits Can Fight Cyber Attacks
What Your Charity Can Do To Protect Against Cyber Attacks
Online fraud and cyber scams have increased 270 percent in the past two years, according to the FBI.
Nonprofits need to start paying attention, because smaller organizations and businesses tend to be targeted by cyber criminals, due to the lack of tech savvy and sophisticated cyber security measures.
The reasons for nonprofits to be concerned about cybersecurity are numerous:
Nonprofit websites that end in .org are often targets of hackers because websites ending in .org are highly ranked by Google. That means they usually show up early in search results leading to high visibility.
Nonprofit organizations handle volumes of sensitive data every day. Client records, donor information, confidential emails, and hundreds of other transactions pass through our agencies.
For a sector that relies heavily on donor trust and confidence, a cybersecurity breach can be fatal, especially for small organizations.
How concerned should nonprofits be in the face of recent cyber attacks and security threats? How can we ensure that our sensitive data is secure, and how can we assuage donors’ fears as more and more hacking scandals come to light?
Here are eight tips for how your nonprofit can respond to cybersecurity threats in the New Year.
1. Make it a priority.
In an interview with Third Sector Today, Cyber Security Expert Chris Dufour recommended making data security a priority for all organizations, much like making payroll.
Dufour warned against falling prey to the common myth – “Who would want to hack US?” If you are a small organization, you may be a more desirable target than a larger company.
You never know who may have “nefarious purposes” online – it’s always better to be safe than end up on the front page of the local or national newspaper.
2. Upgrade your computers and software.
Many nonprofits I know still use Windows XP, even though it is more than a decade old. Did you know that Microsoft completely has stopped supporting and sending security patches and updates to Windows XP?
That means computers running the outdated software are now much more vulnerable to cyber attacks and hackers - and these criminals know it.
I wholeheartedly agree with Microsoft’s 2016 statement on the topic:
“In the past 12 years, you’ve probably gotten a new phone, maybe a new TV, and possibly even a new car. Maybe it’s time for a new PC too, so you can make sure you have more memory and storage, faster processing speeds, and a higher-quality display (some even come with touch). And they’re less expensive than you might think.”
The older your operating system, your computers and your network, the more susceptible they are to data breaches – it’s as simple as that.
No budget for new computers? The nonprofit TechSoup collects and disseminates technology donations to nonprofits, and they offer many software and hardware products at a steep discount. CCB Technology also provides computers and technology to nonprofits at low-cost.
3. Train and inform employees and volunteers.
You may assume that your employees and volunteers understand terms like spear-phishing and how to recognize malicious links in emails and website pop-ups. Never assume!
Get professional training on how to protect against viruses, malware, spyware and other items that can easily be added to nonprofit computers with just the click of a button.
Make sure everyone who has access to the organization’s computers is on the same page and alert to these kinds of threats.
Develop strict policies on what employees can download from the Internet and have restrictions on downloading new applications without the sign-off of an IT person or supervisor.
Fortunately, there are organizations such as Cybrary that teach the public about cybersecurity.
4. Focus on passwords.
Do not have the same password for every social network and website you access! Change it slightly and make sure to keep that information in a secure location. I like Dashlane as a password manager – you only have to memorize one password and enter all your other logins into their system.
What makes a great password? According to Tony Bradley, there are at least six ways to build a secure password.
They include mixing up the types of characters you use (numbers, letters, symbols) and not using words you can find in the dictionary.
5. Invest in reputable nonprofit technology.
Do you still send PDF attachments through Outlook for your email newsletter? Is your database kept in an Excel Spreadsheet on your desktop?
It’s time to do better. Use an email provider like Constant Contact or MailChimp to send email blasts and fundraising appeals. Explore purchasing a CRM system to keep information on donors, volunteers, supporters and the like.
Investing in reputable, dependable technology systems for your organization is a huge step in securing data and ensuring efficient processes for years to come.
Read GuideStar’s 10 Tips for Funding Technology and TechSoup’s 25 Tips for Evaluating (And Writing) Successful Technology Grant Proposals (PDF)
6. Use a reputable online payment processor.
Many donors want to give online. But donors will not give online if the payment process is complicated and insecure. From what I have seen online, the majority of nonprofits use PayPal, but I recommend giving donors at least one other option as well. You might consider third-party services specially designed for nonprofits, such as Network for Good or Razoo.
Also, be aware how fraudsters can use your donation pages to process fake donations using stolen credit card numbers. See our article, How Nonprofits Can Keep Donors Safe by Preventing Credit Card Fraud, to learn more about keeping your charity and your donors safe.
7. Stay calm.
Do not think that because of the recent rash of cyber attacks that you should panic and shut down all services connecting to the internet. That would not be wise nor practical.
Using cloud-based services like Google and storage applications like Dropbox are among the most cost-effective tools for nonprofits. The key is to ensure that the data stored in the cloud is secure and encrypted. (For more on data encryption, read this article from the First Nonprofit Group)
8. Stay informed.
Privacy policies constantly change. It is our responsibility as nonprofit professionals to be aware and informed of these changes and how they will affect our nonprofit data security.
It is important to remember that this is an age of very limited privacy – if there is still any real privacy at all. Being as transparent and accessible as possible is vital to build and maintain trust with your supporters and with the community at large.