Cyber threats are on the rise worldwide. The costs of a data breach are staggering with the average cost to repair such breaches at $4 million. And if you think your nonprofit organization is too small to be affected by cybercrimes, data breaches, viruses, and ransomware think again: many of the worst threats are to individuals and small businesses and that includes small nonprofit organizations.
One of the areas most vulnerable to external cyber threats is communications. Contact forms on websites, emails, chats, images – all provide a window into your systems through which cyber criminals can enter to wreak havoc. Here’s how you can improve the security of your overall system with an eye towards shoring up the defenses of your communications network.
Questions to Ask – and Answer
The first step to solving any problem is to understand the full scope of the problem itself. To do this, you will need to evaluate all of the possible threats against your organization. Review security and access points including who has access to your systems, website, email server, social media accounts and any external software you may use such as cloud-based storage, file sharing, and other systems.
- Do you have a written process for granting access and revoking privileges? A written process with a designated administrator controls access to key services and systems. You can detail who can access which systems and what to do when someone’s employment is terminated or they leave voluntarily.
- Do you have a master list of all of your software and systems? Create a list of all of the software and systems, as well as administrators and contact people in your organization, for all of the software you use.
- Do you have a process in place for updating your software? Those annoying popups prompting you to update your systems aren’t just for show. Software updates close gaps in the system that programmers find after the initial software releases. These “patches” are often important coding changes that defend against known threats. Regular updates of all of your software and operating systems are
- Do you have virus protection in place? A virus protection program can screen websites to ensure they are safe and check inbound emails and attachments. Other types of virus programs scan your hard drive for malware, harmless but annoying programs, and other code that gets injected into your computer without your knowledge. It’s smart to have two packages rather than just one; two can often catch more than one.
- Do you back up your systems regularly? In the event of a cyber attack, having backups ready to restore your systems is vital. Automatic backups can be installed or you can store some of your non-confidential files on a cloud server to keep copies safe.
Communications Security Tips
In addition to these questions and answers, consider a few other security measures to put into place.
- Assume anyone, at any time, can read your emails. Do not share passwords or other confidential information by email.
- Consider email encryption services, which encrypt email on your computer so that it can only be read by the sender and recipient.
- Only open attachments from people you know.
- Require two-step authentication to sensitive systems and accounts such as bank accounts.
If you’ve checked “yes” to many of these items, then congratulations – you’re ahead of many other nonprofits in the cyber security department.
One last step is to have an emergency plan on hand to restore critical systems in the event an attack cripples your nonprofit’s systems. The FBI virus, a form of ransomware, can infect computers merely through visiting an infected website and it is difficult to remove. It locks a computer so that you cannot use it until the ransom is paid to the criminal. A skilled computer technician or service can remove it but will cost both time and money.
This is just one example of possible threats. As the threats grow, having a backup plan and a plan to keep working while your systems are fixed is critical to keeping your doors open and your work continuing without pause.
Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.