Is Your Charitable Organization at Risk? Cybersecurity Tips for Non-Profits
If tomorrow’s headlines read that your non-profit organization’s data and donor info had been breached, what would be the ramifications? Are you taking enough of the appropriate steps to stop cybersecurity threats?
Almost weekly, we hear about an internet or computer security breach at a large retailer, bank, or recently, a major credit reporting service. These breaches create problems not only for the companies involved but also for their customers. Personal information is often exposed, and the carefully crafted reputation a company may have built for years or decades can be destroyed.
As of yet, we haven’t heard of any major breaches at a non-profit organization. The key words are “as of yet.” Non-profits often store a significant amount of data about their board members, employees, volunteers, donors, corporate supporters, and more. A security breach for a non-profit will not only be embarrassing, but it could also have significant adverse effects on future funding. These are some of the reasons non-profits should be proactive in taking steps to button up computer and online security. Here are nine cybersecurity tips of which non-profits should take note.
- Increase the difficulty of your passwords and change them at least quarterly. If your organization is using simple passwords because it is “easier”, you should keep in mind it also makes it easier for others to gain access. Many experts agree that the most secure passwords should be a random series of eight letters and numbers with at least two capital letters included in the sequence. With the frequent turnover in staff members and volunteers, passwords should be changed at least every three months. Don’t allow staff to write their passwords on Post-It notes attached to their computers. It happens.
- Set security protocols for staff and volunteers in writing. Don’t assume those around you know about phishing and spear phishing and the dangers lurking behind pop-up ads and downloads. Many non-profit organizations have older volunteers who may not be aware of the latest dangers and tactics being used to gain access to data. Having staff and volunteers sign off on a one-sheeter acknowledging they understand basic security guidelines can demonstrate they are aware of the potential problems.
- Upgrade security software. Of course, non-profit budgets are tight but they will get much tighter if there is a breach in your data and donors feel their information is not secure. Make it a point to get security software from a major supplier that you can feel comfortable with and keep it updated. Providing a secure firewall or malware protection after experiencing a cybersecurity attack will do little to build confidence in your organization.
- Upgrade computers and hardware. The older your equipment is, the more likely it is susceptible to a cybersecurity threat. Boards of directors may not be willing to invest in new computer systems just because of the bells and whistles they include. If the security of their sponsor and donor data is at risk, however, it may get their attention and win their support for new equipment. If your non-profit has not looked into TechSoup for deep discounts on software and hardware, it should. The application process can be a bit tedious but the savings are significant.
- Make sure your online donation processing is impregnable. It is critical your donors have absolute confidence when making online donations. While services like PayPal are simple and relatively easy to set up, they may not instill the confidence of a more robust payment system. Giving donors payment options can also help facilitate more donations, and more frequent ones.
- Limit access to important files and data. One of the benefits of working for a non-profit is that there is often a team atmosphere, with staff and volunteers working toward a common goal. Unfortunately, this can lead to sloppy security and over-sharing of files and data. Computers may be left unlocked when not in use and unnecessary personnel may have access to sensitive files. Limiting access will not only protect your information in-house but will help in limiting external access.
- Back up data on an external drive. How quickly could your organization restore current data and software if you had a significant hard drive crash? Computers are generally more stable than ever, but this can lead to a false sense of security and even complacency about backing up data. Make sure data is backed up regularly and frequently and the backup is kept off-site. This can be done in the cloud, on a CD or on an external hard drive. If the hard drive on your computer or server were to irretrievably crash today, what would the ramifications be? If you don’t know or if the word “disaster” comes to mind, create an off-site backup and restoration plan.
- Get professional assistance. If you are not confident in the steps you are taking in keeping your organization’s data secure from threats, get the advice of someone experienced in the field. Discuss cybersecurity with other for-profit and non-profit organizations you may come in contact with and ask for recommendations. Cybersecurity doesn’t have to be that complicated when it is made a priority, but if you are not comfortable taking it on, get the help of an expert.
- Document the steps your organization takes to protect the security of its data. In the event of a cybersecurity attack, it won’t take long for fingers to be pointed and blame to be placed. This is why it is important to have a security plan in place and document what is being done. This can demonstrate, even after the fact, that your organization was aware of the possibility and was taking proactive steps to keep its computers and data safe. This should include how your social media is handled and who is responsible for it.
Make cybersecurity a priority, get everyone involved, and document your plan and processes. Greater awareness can go a long way in protecting the data of your non-profit organization.
Bill Wootton is the Founder and President of C3 Integrated Solutions, a full-service IT provider based in Arlington, VA that specializes in securing our nation’s Defense Industrial Base through cloud-based solutions and industry-leading partners. Bill is passionate about bringing cyber-awareness and cyber-maturity to the nation’s Defense Industrial Base, working with clients to help them achieve CMMC and NIST 800-171 compliance by providing MSP, security and Office 365 integration services.