If you’re not taking steps to reduce your risk of cybercrime, you should. Nonprofits aren’t immune to attacks from criminals, and, in fact, the opposite may be true. Many cybercrimes target small businesses and nonprofits because criminals know that these organizations lack resources, such as insurance or IT specialists, to fight back. Instead, they often submit to the criminals’ demands and pay the ransom. The criminals can then head to their next victim without punishment.
It’s time to reduce cybercrime risk by taking proactive steps. While you cannot eliminate the threat from attacks, you can certainly take steps to minimize risk. It’s like installing sturdy locks on the door of your home, an alarm system, and a webcam; it won’t stop someone determined to break in and steal your possessions, but it sure makes it harder for them to do so, and easier to catch them.
Five Tips to Reduce a Nonprofit’s Risk of Cybercrimes
- Improve password strength: Please, say goodbye to using “password123” or “namename123” as your passwords. Yes, according to , people still use passwords like 1234567. Despite news of security breaches affecting millions of people (and their credit rating), people continue to use weak passwords. Don’t allow this within your organization. Insist that everyone choose strong passwords and change them monthly. Strong passwords are difficult for the average person to guess, do not include common words or phrases, and include capital letters and lower case letters as well as symbols and numbers. Think that’s a tall order? It could save you a great deal of trouble later by making the proverbial “lock on the door” very strong and keep attackers from easy entry into your database or website.
- Review your cybersecurity strength: Conduct a cybersecurity audit or work with us to conduct one. A cybersecurity audit examines all areas of your organization where attackers may gain entry and cause trouble. It also helps you pinpoint things you’re doing right so you can replicate them. provides a free guideline to help you conduct your audit.
- Update your software and website: All software needs to be updated to patch known problems and fix gaps that hackers exploit for nefarious reasons. When your software prompts you that it needs to update, please don’t ignore the message or quiet it and forget it. Websites also need to be updated frequently. WordPress, a common framework used to build websites, typically includes codes called plugins, which are areas hackers are known to exploit. These should be checked and updated regularly, which can be done from the administrative panel in WordPress. Other site providers and frameworks have similar places to update software.
- Provide training: Train employees to recognize attempts to gain access to systems. Some common things to watch for include phishing schemes, which trick people into revealing passwords through phony reset messages or similar emails; scams that encourage you to click on a link, thus infecting your computer with a virus or similar code; or downloading a ‘free’ item that includes malicious code embedded in it. Another method that criminals use to gain access to company systems is to pretend to be the CEO or another public-facing executive and request information from someone about the system or their password. By teaching your staff all of these methods, you help raise awareness of what they may encounter and encourage the appropriate steps to confirm any requests for passwords and confidential information. Write and document all procedures and provide training to both new employees and refresher training for current employees.
- Back up everything: If a security breach occurs, you may be locked out of your systems. It’s a nightmare that some companies face, and it can be costly to fix it. By backing up your systems, you’ll be able to access and replace any information that may be compromised by an attack.
Take Cybercrime Seriously
Take cybercrime seriously. An ounce of prevention is always worth more than a pound of cure.
If you need help with a cybersecurity audit or more information, please don’t hesitate to contact Welter Consulting for information.
Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please at 206-605-3113 for more information.