
You Can Never Be Too Careful: Improving Computer Security


Cyber threats are on the rise worldwide. The costs of a data breach are staggering, with the average cost to repair such breaches at $4 million. And if you think your nonprofit organization is too small to be affected by cybercrimes, data breaches, viruses, and ransomware, think again: many of the worst threats are to individuals and small businesses, and that includes small nonprofit organizations.

One of the areas most vulnerable to external cyber threats is communications. Contact forms on websites, emails, chats, images – all provide a window into your systems through which cyber criminals can enter to wreak havoc. Here’s how you can improve the security of your overall system with an eye towards shoring up the defenses of your communications network.

Questions to Ask – and Answer

The first step to solving any problem is to understand the full scope of the problem itself. To do this, you will need to evaluate all of the possible threats against your organization. Review security and access points including who has access to your systems, website, email server, social media accounts and any external software you may use such as cloud-based storage, file sharing, and other systems.

  • Do you have a written process for granting access and revoking privileges? A written process with a designated administrator controls access to key services and systems. You can detail who can access which systems and what to do when someone’s employment is terminated or they leave voluntarily.
  • Do you have a master list of all of your software and systems? Create a list of all of the software and systems, as well as administrators and contact people in your organization, for all of the software you use.
  • Do you have a process in place for updating your software? Those annoying popups prompting you to update your systems aren’t just for show. Software updates close gaps in the system that programmers find after the initial software releases. These “patches” are often important coding changes that defend against known threats. Regular updates of all of your software and operating systems are
  • Do you have virus protection in place? A virus protection program can screen websites to ensure they are safe and check inbound emails and attachments. Other types of virus programs scan your hard drive for malware, harmless but annoying programs, and other code that gets injected into your computer without your knowledge. It’s smart to have two packages rather than just one; two can often catch more than one.
  • Do you back up your systems regularly? In the event of a cyber attack, having backups ready to restore your systems is vital. Automatic backups can be installed or you can store some of your non-confidential files on a cloud server to keep copies safe.

Communications Security Tips

In addition to these questions and answers, consider a few other security measures to put into place.

  • Assume anyone, at any time, can read your emails. Do not share passwords or other confidential information by email.
  • Consider email encryption services, which encrypt email on your computer so that it can only be read by the sender and recipient.
  • Only open attachments from people you know.
  • Require two-step authentication to sensitive systems and accounts such as bank accounts.

If you’ve checked “yes” to many of these items, then congratulations – you’re ahead of many other nonprofits in the cyber security department.

One last step is to have an emergency plan on hand to restore critical systems in the event an attack cripples your nonprofit’s systems. The FBI virus, a form of ransomware, can infect computers merely through visiting an infected website, and it is difficult to remove. It locks a computer so that you cannot use it until the ransom is paid to the criminal. A skilled computer technician or service can remove it, but it will cost both time and money.

This is just one example of possible threats. As the threats grow, having a backup plan and a plan to keep working while your systems are fixed is critical to keeping your doors open and your work continuing without pause.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Is your Organization at Risk for a Data Breach?


How often do you read about a data breach, identity theft or other types of computer hacks where personal information has been compromised? What would happen if your nonprofit data was breached and what information would be potentially stolen? As a nonprofit organization, you collect a lot of data on donors, clients, staff and other supporters and having all that data places a lot of responsibility on the organization to secure and manage it well. Having nonprofit accounting policies in place is a necessity to safeguard everyone’s interests.

How Much Data Do You Collect?

At first glance, you may think you don’t collect all that much data. Sure, you’ve got a mailing list on file of people interested in your nonprofit’s work, and email addresses for that monthly newsletter to send out, but doesn’t everyone?

Consider how people donate to your nonprofit. If you accept credit card donations over the internet, website security becomes critical to prevent criminals from stealing data from your donors. Passwords may also be important if you have a members-only area on your site where you host forums. When you really sit down to analyze your organization’s data collection methods, you’ll quickly realize that you’ve got more data than you initially thought.

Keeping Data Safe: Creating a Data Ethics Policy

Many organizations are creating nonprofit accounting policies for data security and ethics to help safeguard customer privacy and maintain the high level of trust they’ve worked so hard to build with their constituents.

To create your own organizational data ethics policy, follow these five tips:

1. Establish data-use goals: Knowing exactly why your organization collects data, and the use to which you will put it in the future, is the starting point for a data ethics policy. You have to know the reason why you’re collecting the data in the first place to establish guidelines about its use. Some common reasons for collecting customer data include future marketing, such as requesting that interested people sign up for your email list so that you can send them donation solicitations later.

2. Create a privacy policy: Privacy policies exist everywhere on websites, but they are an important part of your data security and ethics work. You can create a privacy policy in several ways. There are privacy policy generators online that help you build a simple boilerplate privacy policy for your website. You can also ask your legal counsel for a recommendation. Once you create your privacy policy, post it online.

3. Assess the risks: Take a data inventory to understand exactly what data you have stored and what the risks are of maintaining it. Know what you have to work with, how and where it is stored, and who has access to it. Lastly, determine who controls access to the data and the steps your organization has taken to safeguard it.

4. Add safeguards: Every day it seems that hackers have found new ways to break into websites and steal personal information from customers. It may be worthwhile to consult with an internet security expert to make sure that your website and network have the latest security safeguards in place. Updating software and plugins for websites, adding a virus protector to WordPress-based sites to screen for virus-filled spam, and using other simple measures may go a long way in preventing theft and security breaches.

5. Conduct due diligence: If third parties have access to your data, such as mailing houses or email service providers, do you conduct due diligence to ensure that their safety procedures match or exceed your own? Few organizations give much thought to who in other companies may use or access their data. Make sure that you have steps in place to screen companies and understand their data security policies. Common third-party vendors who may access your data include marketing agencies, mailing list companies, list brokers, email service providers, and fundraising organizations.

Nonprofit Accounting Policies for Data Security

Once you have the basic information about your current data collection and use, formulate a general ethics policy and procedure document that can be shared throughout your organization. A little work now will come in handy later if the unthinkable happens and you have a data breach on your hands. Your constituents will thank you for taking extra steps to safeguard your data.

At Welter Consulting, we are committed to keeping your information secure, finding you the most affordable technology and the most powerful solution, and providing expert support. We are dedicated to assisting you in achieving your mission by leveraging technology and superior reporting. We are passionate professionals who choose to work in the nonprofit sector for the same reason you do – helping others. Click here to see a complete listing of upcoming training and webinars, including the Free NonProfit

Encrypt an Email and Secure Your Gmail – Tips and Tricks for Email Communication


The greatest threat facing the CPA community isn’t legislation or competition. It’s security as it pertains to our technology. CPAs must be cognizant of the latest security measures to protect sensitive, confidential client data. Technology has made it easy to send information to clients with the touch of a button, but where does that information end up – and how long does it remain accessible?

Such considerations are no longer academic questions. Instead, they are essential to running a secure and confident CPA practice.

Email Encryption: Protecting Sensitive Communications

Emails are by far the biggest offender when it comes to potential data breaches. Most emails aren’t sent using encryption. Because emails are automatically shared across multiple devices these days, your email lives on long after you attempt to retract or erase it. It’s almost impossible to completely erase all traces of an email from hard drives, backup servers, and the recipient’s servers and devices.

The best way to protect emailed information is through encryption. Encryption “locks” messages so that only the recipient can read them. The recipient’s software automatically unlocks the message so that it can be read. If a third party swoops in and somehow accesses the email, they cannot read it.

To encrypt your email transmissions, you can use a service that includes encryption. Gmail and Outlook are both good, solid email programs that incorporate encryption into their programming. Both services also include cloud storage, spam filtering, and IMAP/POP support.

The drawback to using these services is that they use their own extensions rather than your company’s extension address. To rectify this situation, you can import Gmail or Outlook messages into Outlook Desktop.

The steps include:

1. Turn on two-step verification: Go to google.com/landing/2step, click the Get Started button, and follow the steps to set up two-step verification. A code is texted to your smartphone, which you enter to verify the account.

2. From your Outlook 2010, 2013, or 2016 ribbon, select File, Add Account to launch the Auto Account Setup screen.

3. Enter your name, email address (Gmail or Hotmail/Outlook.com), and password, and then click Next.

4. Set up a Gmail alias with your company name:

a. Open your Gmail account.

b. Sign in.

c. Click the Settings gear in the top right corner.

d. Choose Settings.

e. From the horizontal menu, select the Accounts and Import tab, then Import mail and contacts.

f. Enter the email address you want to use as a Gmail alias.

g. Enter the password, and if necessary, enter the POP username and POP server.

h. Click Continue.

i. Sign in to the account you added.

j. Open the confirmation message you received from Gmail.

k. Click the link in the email to confirm and establish the connection.

l. To complete the setup, change the From line to reflect your newly added alias email address. For more details on how to set up a Google email address alias, visit Google support.

The process to set up Outlook aliases is similar.

1. Open Outlook.com.

2. Click the Settings gear.

3. Select Options.

4. In the Options menu in the left menu pane, select Connected Accounts, Other email accounts.

5. Enter the alias email address and your email password, then click OK.

Keep in mind that encryption through Gmail or Outlook only works if both sender and receiver are using the same service. In other words, your message is encrypted only if you are using Outlook and your client is also using Outlook. If only you are using Outlook or Gmail, messages are encrypted on your end, but not the client’s end.

If you’d prefer, a computer consultant can help you set up a secure, encrypted email system for your business. Or make it a rule that confidential information must be delivered in person or via snail mail, rather than through email. If you’d prefer that no one else see your message, a phone call or letter through traditional mail may be appropriate.

We live in an age where technology can make our businesses more productive and efficient. It can also compromise sensitive client data. Fortunately, a few steps are all that’s needed to secure your email information.


Could Your Data Be at Risk?


Could your nonprofit association’s data be at risk? Even with good security, you may still find yourself in the unpleasant position of ransoming your data from an unscrupulous hacker.

New viruses such as the notorious “FBI” virus do not hijack your computer for their own nefarious purposes. Instead, they lock your computer down so that you cannot access any of its information. Once you pay a fee – like a ransom in a kidnapping – the hijackers ‘release’ your computer.

If you think this can’t happen to you, think again. What used to be a threat to major targets such as large corporations or government organizations is now a threat to anyone at any time. In fact, smaller nonprofits may be targeted more frequently than larger ones because small organizations do not have the means to fight back when they’re the victim of crime. Criminals such as data hijackers look for easy targets or organizations that do not have the financial resources to fight back. Any organization is at risk.

What Is Data Hijacking?

The best prevention against data hijacking is awareness. It’s important to understand what data hijacking looks like and how to prevent it from occurring.

Data hijacking occurs when a computer program called ‘malware’ enters your system. Malware means malicious software. A specific type of malware called “ransomware” enters your system through an infected email or computer virus. Most often, users inadvertently click an email link or download software containing the malicious program.

Ransomware installs on the end user’s computer and encrypts the data on the target computer so that it can no longer be read. The encryption is so sophisticated that only the operator of the program has the key that unlocks it. Hijackers demand payment for the data ‘key’ that decrypts or unlocks the data.

How Ransomware Gets Past Security

There are many ways in which data hijackers bypass your organization’s security to target your computers. One common way is to clone an executive or CEO’s email address or LinkedIn profile. They then use the fake profile to send an email with a link to people in your company. They often target top executives, but anyone can be targeted.

Once the link is clicked, it downloads the ransomware and locks the target computer. A message appears on the computer screen demanding payment to release the computer. Hijackers often request payment in bitcoin, an untraceable digital currency that’s easy to convert into cash.

Even after paying the ransom fee, there’s no guarantee your computer will be released. In some cases, the hijackers themselves are unable to decrypt the computers after payment is made to them. In other cases, the hijackers simply disappear with your money – and your data is lost forever.

Preventing Data Hijacking

The best way to combat data hijacking is through prevention. The following steps should be undertaken to protect against lost data from data hijacking:

1. Be vigilant when screening your emails. Do not click on links within emails unless you are absolutely certain they’re from a known sender. The same goes for attachments, which can also harbor viruses and malware.

2. Keep your computer programs updated at all times. Patches and updates protect against various forms of malware, including ransomware.

3. Back up your data frequently. Store it on the cloud as well as in storage devices NOT connected to computers or the internet.

4. Use firewalls to segment company data. This way, if part of your network is affected by ransomware, you may not lose all of it if some is protected behind a firewall.

5. Block pop-ups and disable macros in key programs, which are often used to distribute malware.

If you suspect that your company’s cybersecurity has been breached and ransomware or malware has been launched, disconnect your computer from the internet as soon as possible. That may prevent the malware from downloading entirely or from infecting others.

Next, contact Welter Consulting. We can help you with both the immediate problem and creating a long-term strategy to protect against viruses, malware, and ransomware.
