Monthly Archives

May 2021

5 Tips to Prevent Cybercrimes

By | cyber security, Nonprofit | No Comments

Cybercrimes are on the rise, and nonprofits aren’t immune to attack. Overall, cybercrime is expected to grow by 15% over the next year, with experts predicting the cost to businesses will exceed $6 trillion by 2021. Few nonprofits have adequate security policies in place, let alone the resources to address the damages from hacking or other cyber-attacks.

Criminals are getting more sophisticated, too, in how they hack into systems. Cybercrimes aren’t limited to computer-based theft. Software is now being used to mimic executive’s voices so criminals can fool assistants into divulging email passwords over the phone.

With so many tricks up the criminals’ sleeves, how can a nonprofit protect itself? Fortunately, we have five tips your organization can use to greatly improve its defenses. And, although no defense against cyberattacks is foolproof, criminals are more likely to go elsewhere if they experience resistance. Just like a sturdy door with a good lock prevents a robber from breaking in, so too will these defenses protect your systems.

5 Tips for Nonprofits to Improve Cybersecurity

  1. Increase cybersecurity awareness training
  2. Improve passwords
  3. Add two-factor authentication
  4. Update antivirus protection
  5. Switch to cloud software

1. Increase training and awareness: You can’t prevent crimes if you don’t recognize them when they are taking place. Cybersecurity training and awareness is a critical step to helping you prevent cybercrimes from affecting your nonprofit organization.

Criminals change their tactics all the time. As we mentioned at the start of this article, some are now using voice software to mimic an executive so they can trick unsuspecting employees into divulging sensitive information. This is just one example of a new tactic, but if more people were aware of it, it would become less effective.

To improve awareness and training, assign someone in your organization the responsibility of getting up to speed on the various possible cyberattacks. Then, organize different training opportunities. Lunch and learns, recorded trainings that employees can complete on their own, even demonstrations are all powerful ways in which to show the many possible types of cybercrime affecting nonprofits and how to spot potential activities.

2. Improve passwords: Passwords continue to be a point of entry for many cybercrimes. Many passwords are weak and easy to guess. Brute force attacks that can crack passwords are all too common. In a brute force attack, computers are used to generate thousands of random passwords per minute, and eventually many succeed because so many passwords are easy to guess.

Make your passwords as strong as they can be. Experts recommend that passwords be at least 10 characters long, contain upper- and lower-case letters, and at least one number, and at least one character. A unique password should be used for every account.

Consider having your IT experts force employees to change their passwords frequently. Many companies have enacted this to improve cybersecurity. While you may hear a lot of complaints, in the end, it will improve your cyber defenses.

3. Add multi-factor authentication: You’re probably familiar with this technology already—banks and credit card companies use it as an added layer of security. After inputting a password, a text message may be sent to the account owner’s smartphone with a code that must be entered into the site. Other two-factor methods include automated calls with codes, additional emails, and so on.

Multi-factor authentication improves security by adding another layer of protection between someone wishing to access a system and the system itself. Even if the password is cracked, two-factor authentication may stop entry into the account by insisting on verification.

4. Update anti-virus protection: If you’re still running the same antivirus software that came with your computer, it’s time for an update. Antivirus software must be updated frequently to keep up with the new and emerging threats.

Make sure that when your software prompts you to download an update, you do so. It is also important to keep all your software (not just your antivirus software) updated.

5. Switch to cloud-based software: By now you’ve probably heard all about cloud computing and cloud-based software. Cloud software enables your team to log on from any internet-connected device to your company’s systems. Most cloud hosts have additional security measures and protection in place, more so than your organization can add on its own. They also back up systems so if anything should happen to your data, it can be restored without much of an interruption.

Moving from site-based software to the cloud may be easier than you thought. Speak with a software consultant well-versed in nonprofits and your organization’s unique accounting needs before choosing a cloud provider to ensure the transition goes smoothly.

Cybercrime may be a constant threat, but there’s much you can do to prevent it. These tips, along with the right technology, can go a long way to protecting your organization.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Three Potential Fraud Risks–And How to Prevent Them

By | Fraud, Nonprofit | No Comments

When many nonprofits were forced to adjust to the new business climate created by the global pandemic, few considered that with the abrupt changes came an increased risk of fraud. As nonprofits worked hard to keep their doors open and find new ways to serve their constituents, raise funds, and conduct business, new areas of risk also opened for many nonprofits.

According to Accounting Today, the risk of fraud greatly increased during the pandemic. In May of 2020, 68% of investigators said they were seeing a rise in fraud. By August, that number had increased to 77%.

The types of fraud varied. Some saw a rise in insurance fraud, while others noted employee embezzlement or intentional fraud connected to financial statements.

Here, we’ll cover three areas of business that, with the changes created by the pandemic, may have opened your organization to additional risk. If you take steps now, you may be able to prevent problems before they arise.

Internal Risk

Many nonprofits relaxed their internal controls as their employees shifted to telecommuting. Employees who wouldn’t dream of stealing from the organization while they were at work may be tempted by an “out of sight, out of mind” attitude by working from home. Sadly, employees may be struggling with financial strain if a family member lost their job or bills are mounting. These circumstances can tempt even the most honest person to conduct fraud.

Circumstances may also have opened the door for employee theft. What used to require a physical signature may now be approved via the computer. Limits on how much an employee could sign checks for may have been changed.

To prevent employee theft and fraud, now is a great time to revisit your organization’s internal controls. Review your policies and decide which controls may be returned to pre-pandemic levels.

Check in with your employees. It helps prevent the “out of sight, out of mind” attitude if employees feel connected to their managers and colleagues. It also lets them know you care and, if they are struggling, they may feel comfortable enough to share it with you. Then, you can choose to help them if possible.

Procurement Fraud

If your nonprofit purchases supplies of any type, you should consider the potential risk of procurement fraud. Procurement fraud can occur in many situations. A new vendor may request payment in advance or partial payment in cash, then skip town without delivering the order. Or they may shortchange an order, pocket the difference between what was ordered and what was delivered, and count on the fact you have fewer than normal people working on site to catch the difference.

To combat procurement fraud, it’s important to continue performing due diligence with any new vendors. Be sure to physically review all supply orders and compare purchase orders with invoices to make sure everything that was ordered was delivered on time.

Cyber Fraud

Lastly, with the changes created by the pandemic, the risk of cyber fraud may be increased. Many nonprofits had to make do with existing technology to enable employees to work from home. This led to employees using their own devices and potentially using unsecured WiFi. Both can open the door for trojans, viruses, malware, and ransomware.

If your organization rushed into telecommuting, now is the time to take a step back and look at the technology you’re using. Does it support secure remote access? Cloud-based systems offer enhanced security features as well as easy remote access and may be an ideal solution for nonprofits who wish to continue to allow telecommuting.

Some cybercrimes can be prevented through increased awareness and vigilance. Consider adding additional training for your staff so they can recognize phishing emails and similar schemes to gain access to your organization’s systems.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

 

 

Auditing Challenges: No Clear Answers for an Unusual Year

By | Audit, Nonprofit | No Comments

The typical auditing process is both an art and a science. Auditors must use their judgment but base their judgments upon generally accepted accounting practices (GAAP), nonprofit accounting rules, IRS requirements, and so on.

But this year, the typical nonprofit audit is anything but typical. Nonprofits in a variety of fields are wrestling with key questions, and auditors are finding their skills taxed to the max.

If your nonprofit is also struggling with its audit this year, here are a few tips to keep in mind to deal with auditing challenges.

Communicate Clearly With Auditors

Few nonprofits had warning that 2020 would be anything but business as usual. With the sudden disruption in everything from fundraising to delivery of their programs, nonprofits experienced anything but the typical year.

Your auditors know that the past year was challenging. What they don’t know is how you coped with it. Your job is to communicate clearly with the auditors working with your organization. They should be apprised of all decisions that impacted finances, from canceling the annual charity gala to hosting a silent auction online.

The board charged with oversight and governance of your organization should meet and review changes to financial plans from the past year. Then, they may need to meet with the auditors to discuss all the ramifications of these changed plans.

Remote Audits Pose Additional Challenges

Many auditors are conducting remote audits this year, either a full remote audit or a portion of the audit. Be sure to organize your documents to save time for the auditors. Ask your staff to set aside time as needed for the audit. They should be as ready to answer an auditor’s questions by phone, text, or instant message as they would be if the auditors were on site and able to drop into their office to ask a quick question.

Risks of Mis-Categorization Increase

Because so much of the work environment has changed in the past year, there is an increased risk of material misstatement. Revenues, services, programs, and fundraising activities may have changed due to the pandemic.

Speak with your auditors and discuss any changes that may be impacting your organization. For example, if a negative income statement will impact your ability to receive grant funds, tell the auditors. Your auditors can guide you through the ramifications of each decision so that you understand the potential outcome of the audit.

Use Technology to Your Advantage

Nonprofit accounting software can be of great help with remote audits. Whole ledger analysis (if available) in your software can help your auditor identify potential risks. Such technology may be able to spot various abnormalities, including transactions that occur outside of normal working hours, a pattern of transactions just under the threshold of management approval, and so on. Using technology as an additional set of eyes on the general ledger can be a huge help to nonprofits.

Review Internal Controls

Another ramification of an unusual business year is, unfortunately, an increased risk of fraud and theft. This is a good time to revisit your nonprofit’s internal controls. Many organizations adapted their internal controls to accommodate telecommuting, but with such adaptations comes increased risk. For example, approvals that used to require a physical signature may now be allowed through the accounting system.

Work with your auditors to review how and when internal controls changed. They may advise you to return to stricter controls or at least return some to pre-pandemic levels. They can also review transactions and ensure that any abnormalities are investigated promptly.

Here’s to a Successful Audit!

Nonprofits adjusted rapidly to the restrictions placed on their activities during the pandemic. Such adjustments, however, do carry consequences and risks. Working together with your auditors, your board and management team can continue to adapt and adjust so that your audited financials tell the complete story of just how your organization weathered the unusual pandemic year.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.