Cybersecurity remains a topic of critical importance for nonprofits. Attacks have risen dramatically, with the costs associated with cyberattacks increasing from $3 trillion in 2015 to an estimated $10.5 trillion in 2025. Nonprofits are especially vulnerable given their smaller staffs and often, a lack of IT resources to combat the threats.
Added to these vulnerabilities is the sheer feeling of being overwhelmed from dealing with multiple security layers and platforms required for modern cybersecurity. False alarms, confusing error messages, and other issues can also make managing cybersecurity a challenge for nonprofits.
Strong Security Depends on Employee Vigilance
The best defense is a good offense, as they say. Employee vigilance is your offensive game against potential cyberattacks. Offer a brief refresher annually one how to spot potential scams and attacks including:
- Avoid opening emails that look suspicious
- Do not click on password reset links unless you initiated the reset request
- Do not click on links from emails that look like they are from reputable companies but have telling mistakes in the copy, such as grammatical errors, slight misspellings of the company name, etc.
- Never give your password out to anyone
If anyone on your team has your password and is authorized to log in on your behalf to any system, be sure to let them know that you will never ask anyone to call them for the password itself. A recent scam is a caller pretending to be someone who works with or knows the CEO, President, or CFO, and then asking for the password on behalf of that employee. This is typically an attempt to gain easy entrée into banking, credit card, and records systems in the company that could be worth thousands on the dark web (digital black market).
Leverage New Technology to Keep Security Simple and Strong
Cloud computing offers stronger and simpler security defenses that can be leveraged by organizations of all sizes. Cloud service providers install multiple security layers and alert systems intended to protect both their own cloud infrastructure and the businesses that rely on it. And, because they have multiple customers and millions of dollars invested in their delivery architecture, they take great pains to protect it from external attacks.
Another way to shield your organization from attack is to leverage a good web hosting company. Such companies have in place many detection methods to protect your site from denial of service (DOS) attacks and other direct attacks on your website.
Lastly, consider upgrading your virus protection systems. Real-time protection may include website scanning as employees use search engines for their work as well as scanning downloads, using cloud-based document storage systems with built in virus protection, and similar systems.
Update Your Software, Systems, and Platforms as Needed
Most major software companies conduct threat monitoring and intelligence, scanning the digital environment for new and emerging threats and developing protection against it. Every software maker and computer manufacturer issues periodic updates to its programs and platforms. These updates are essential to close known security gaps and issue patches to protect against new threats.
Look for security updates for the following systems:
- Operating systems (i.e., Apple/Mac, Microsoft)
- Office productivity suites (Microsoft Word, Excel, PowerPoint)
- Mobile phone operation systems (Android, iOS)
- Web browsers (Chrome, Edge, Firefox, Safari, and many others)
- Specialized nonprofit systems such as accounting or grant management systems
- Website updates (WordPress themes and plugins, for example)
Be sure to confirm that your software company did indeed issue that update. Some systems do update automatically. But others that prompt you to update your software should be investigated. You can often find news of updates published in tech journals online as well as on the software manufacturer’s website.
Although many nonprofits are small, they can take mighty steps to protect against cyberattacks. You can do a great deal to protect what you have built in your organization by using these tips.
Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.