Category

cyber security

What Are the Benefits of Moving to Cloud Computing?

By | Accounting, Cloud, cyber security, Nonprofit | No Comments

Cloud computing utilizes shared network hardware to mitigate against security risks and data loss. It lowers costs, improves access and speed, and is often considered the go-to option for many organizations. Let’s explore the reasons why moving to cloud computing can benefit your organization.

Improved Security

Cyber threats have increased exponentially in recent times. Only 26% of nonprofits actively monitor their network environments, a critical step to protect against threats. And more than 70% of nonprofits have not run any cyber threat assessments. Criminals know that nonprofits have neither the bandwidth nor the resources to defend against an attack, thus making them an even more appealing target.

Large cloud computing providers can afford to put into place rigid security protocols to protect donor and fundraising data. They can enact two-factor authentication, secure data transfers, and other steps to secure your data.

When selecting a cloud computing provider, look for one that has attained a Statement on Standards for Attestation Engagements (SSAE) certification, as designated by the American Institute of Certified Public Accountants (AICPA). Such cloud hosts have undergone a rigorous audit of their systems, including privacy controls, and are less vulnerable to attack.

Private cloud (instead of public cloud) servers may offer greater security. Public cloud has suffered in recent times from data breaches caused by misconfigured servers. If privacy is of deep concern to your organization, consider opting for private instead of public cloud services.

Uninterrupted Access

Many nonprofits faced the sudden shift to remote work when the pandemic arrived. Cloud computing facilitates remote work by providing uninterrupted access to data and servers 24/7. Anywhere you have an internet connection, authorized personnel can log into the system. This enables easier telecommuting and meaningful work while traveling.

Regular Backups

Regular backups safeguard data as well as systems. Increasing data limits does not affect cloud storage, as more storage space can be added easily and quickly. Redundant systems ensure that, no matter what happens or where it occurs, the systems continue to run smoothly.

Affordability

Cloud computing also offers nonprofits a more affordable entrée into enhanced computing power. Cloud systems hosted on shared or private cloud servers are maintained by the hosting company’s staff. IT staff can be deployed to solve onsite problems, provide daily IT services, and provide support for routine IT needs. There is no need for a nonprofit to invest in hardware, additional staff, or the space and equipment needed for staff.

Important Questions to Ask When Moving to the Cloud

If you’re convinced that moving to a cloud-hosted fund accounting program or another cloud-based software system is right for your nonprofit, there are several key questions to ask about the software under consideration.

  1. What is the process to migrate to the cloud? How challenging will it be? What is our organization’s participation in the process? Understand the time and money it will take to make the move to the cloud.
  2. How do the features of this system compare to what I have now? What is better, different, or will change? What remains the same?
  3. Who owns the data? Some contracts have the hosting company owning your data. Read the fine print.
  4. How difficult or easy is this software for our team to learn? When checking references with other software users, ask them this question to obtain direct feedback from other customers.
  5. Will there be any system downtime?
  6. What if we wish to stop using this system or move to a different one? What is the process?
  7. How frequently are backups made and how can we access them if necessary?

Cloud computing makes good sense for many nonprofits. It offers numerous advantages and few disadvantages. If you feel it is the next step for your organization, contact Welter Consulting for assistance.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

How to Survive a Ransomware Attack

By | cyber security, Nonprofit | No Comments

According to some estimates, a ransomware attack occurs once every 11 seconds. If you think your nonprofit is immune, think again. Nonprofits are often the target of cybercrime simply because criminals know that nonprofits have limited resources to fight back. They are more likely to pay the ransom than defend against attack.

If you find your systems locked and a message on the screen demanding a ransom, you’ve been hit with an attack. Don’t panic. Take a deep breath. It’s time to fight back.

Do You Have a Recovery Plan?

Although most organizations understand the risk of a cyberattack, few have an actual recovery plan in place should they face one. If that describes your organization, it’s time to get one in place.

An “incident response plan” or IRP outlines the teams and people responsible for various aspects of response to a ransomware attack. There are several critical areas that must respond, including IT, communications, public relations, and more.

If you do not have a recovery plan in place, it may be worthwhile to investigate the many templates available online, or work with a consultant to help you create one. Every day that goes by without an IRP in place is another day that puts your organization at serious risk should you be the subject of a cyberattack.

Identify the Source and Contain It

There are many ways in which ransomware can attack your computer systems. Clicking on the wrong link in an email, clicking on a random popup, and exposing your browser to malicious software on an innocent site are all ways that ransomware can penetrate a system.

Your IT department or cyber security response team will need to work diligently to determine the source of the attack. Then, once they figure out how the ransomware got into the system, they will need to contain it.

Think of ransomware like a wolf that gets through the fence and attacks the livestock. The immediate threat is the wolf, and it must be removed to protect the livestock. But after it is removed, the rancher will certainly scrutinize his fences to see where his defenses were down and take immediate steps to fix them so that another attack can be repelled before it advances. That’s what your IT team must do to protect your valuable commodity–your data.

Notify the Legal and Communications Teams

You should also contact your legal representatives so that they can prepare for any fallout from the attack. The communications professionals in your organization must prepare talking points for the CEO, president, and other organizational leaders who may be questioned about any potential data breaches or cyberattacks by the media. They should also prepare talking points to help leadership brief all employees about the problem and the steps being taken to address it.

Law enforcement should also be contacted, specifically the FBI Crime Complaint Center. This group tracks various cybercrimes. Go to the website and complete the online form to register the complaint and the attack with them.

Should You Pay the Ransom?

This is a tricky question. Your first instinct may be, “Oh, heck no!” but the reality may be different. If your IT department feels they can recover the systems and data safely from the attack, then you may not wish to pay the ransom. But, for other, smaller organizations with little recourse, you may have to pay the ransom.

Ultimately, the executives and potentially the board of directors may need to make the final decision about whether to pay the ransom. It may leave a bad taste in your mouth to capitulate to criminal demands, but if the alternative is to lose all your data and systems, you may not have much of a choice.

Successful Defense Starts with a Good Offense

Let’s face it–it’s not a question of if, but a question of when, you’ll encounter some form of cybercrime. A successful defense begins with a strong offense. This includes:

  1. An incident response plan
  2. Updated virus protection programs throughout your organization
  3. Updated software, including websites and third-party code (such as WordPress plugins)
  4. Training for your team on how to avoid clicking suspicious links
  5. Backups kept offline to protect sensitive data

With the right systems, teams, and plans in place, you can withstand a ransomware attack. Now is the time to begin your plan.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

5 Tips to Prevent Cybercrimes

By | cyber security, Nonprofit | No Comments

Cybercrimes are on the rise, and nonprofits aren’t immune to attack. Overall, cybercrime is expected to grow by 15% over the next year, with experts predicting the cost to businesses will exceed $6 trillion by 2021. Few nonprofits have adequate security policies in place, let alone the resources to address the damages from hacking or other cyber-attacks.

Criminals are getting more sophisticated, too, in how they hack into systems. Cybercrimes aren’t limited to computer-based theft. Software is now being used to mimic executive’s voices so criminals can fool assistants into divulging email passwords over the phone.

With so many tricks up the criminals’ sleeves, how can a nonprofit protect itself? Fortunately, we have five tips your organization can use to greatly improve its defenses. And, although no defense against cyberattacks is foolproof, criminals are more likely to go elsewhere if they experience resistance. Just like a sturdy door with a good lock prevents a robber from breaking in, so too will these defenses protect your systems.

5 Tips for Nonprofits to Improve Cybersecurity

  1. Increase cybersecurity awareness training
  2. Improve passwords
  3. Add two-factor authentication
  4. Update antivirus protection
  5. Switch to cloud software

1. Increase training and awareness: You can’t prevent crimes if you don’t recognize them when they are taking place. Cybersecurity training and awareness is a critical step to helping you prevent cybercrimes from affecting your nonprofit organization.

Criminals change their tactics all the time. As we mentioned at the start of this article, some are now using voice software to mimic an executive so they can trick unsuspecting employees into divulging sensitive information. This is just one example of a new tactic, but if more people were aware of it, it would become less effective.

To improve awareness and training, assign someone in your organization the responsibility of getting up to speed on the various possible cyberattacks. Then, organize different training opportunities. Lunch and learns, recorded trainings that employees can complete on their own, even demonstrations are all powerful ways in which to show the many possible types of cybercrime affecting nonprofits and how to spot potential activities.

2. Improve passwords: Passwords continue to be a point of entry for many cybercrimes. Many passwords are weak and easy to guess. Brute force attacks that can crack passwords are all too common. In a brute force attack, computers are used to generate thousands of random passwords per minute, and eventually many succeed because so many passwords are easy to guess.

Make your passwords as strong as they can be. Experts recommend that passwords be at least 10 characters long, contain upper- and lower-case letters, and at least one number, and at least one character. A unique password should be used for every account.

Consider having your IT experts force employees to change their passwords frequently. Many companies have enacted this to improve cybersecurity. While you may hear a lot of complaints, in the end, it will improve your cyber defenses.

3. Add multi-factor authentication: You’re probably familiar with this technology already—banks and credit card companies use it as an added layer of security. After inputting a password, a text message may be sent to the account owner’s smartphone with a code that must be entered into the site. Other two-factor methods include automated calls with codes, additional emails, and so on.

Multi-factor authentication improves security by adding another layer of protection between someone wishing to access a system and the system itself. Even if the password is cracked, two-factor authentication may stop entry into the account by insisting on verification.

4. Update anti-virus protection: If you’re still running the same antivirus software that came with your computer, it’s time for an update. Antivirus software must be updated frequently to keep up with the new and emerging threats.

Make sure that when your software prompts you to download an update, you do so. It is also important to keep all your software (not just your antivirus software) updated.

5. Switch to cloud-based software: By now you’ve probably heard all about cloud computing and cloud-based software. Cloud software enables your team to log on from any internet-connected device to your company’s systems. Most cloud hosts have additional security measures and protection in place, more so than your organization can add on its own. They also back up systems so if anything should happen to your data, it can be restored without much of an interruption.

Moving from site-based software to the cloud may be easier than you thought. Speak with a software consultant well-versed in nonprofits and your organization’s unique accounting needs before choosing a cloud provider to ensure the transition goes smoothly.

Cybercrime may be a constant threat, but there’s much you can do to prevent it. These tips, along with the right technology, can go a long way to protecting your organization.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Tips to Prevent Cyber Crime at Your Nonprofit

By | cyber security, Nonprofit | No Comments

According to Fintech News, cybersecurity attacks have increased 80% over the past year. If you think only big companies or for-profit companies have to worry about cybercrime, think again. Criminals often target nonprofit organizations because they know that many lack the internal IT resources to prevent an attack.

Don’t fall victim to a cybercriminal. Here’s what you need to know to stay protected.

Know the Risks, Upgrade Your Defenses

In order to protect against cyber-attacks, it’s important to know where the potential risks lie in your organization. Common ways in which criminals attack computer systems include:

  1. Unsecured WiFi: Your office WiFi may have strong password protection, but if you allow employees to telecommute, their systems may be open to attack. During the pandemic, many nonprofit organizations allowed their employees to work from home. Some employees have secure networks but not all do. An unsecured WiFi network or one with a weak password is ripe for the picking by cybercriminals who can easily grab valuable passwords and data.
  2. Phishing emails: Phishing emails are disguised to look like they come from a reputable company such as your bank or credit card company. However, when you click on the link, they direct you to a site that captures your login information.
  3. Phishing phone calls: A new angle on the phishing email is the phishing phone call. In this instance, a caller contacts an assistant, usually an executive or administrative assistant, claiming to be from a reputable company and asking for the CEO or another chief executives’ login information. Many assistants have such information handy, especially if they respond to emails or schedule meetings on behalf of an executive. If this sensitive information is given out, the thieves use it to access critical systems.
  4. Trojans, spyware, and malware: Trojans, spyware, and malware can infect a computer just by casually browsing an infected website or accidentally clicking an infected link. They can then be passed along unintendedly to other computers, enabling hackers to access systems or hold data for ransom.
  5. Failing to update software: Software patches, plugin updates on WordPress websites, and similar updates aren’t nuisances. Companies release them to patch known problems in the coding. Failing to update software is like leaving the key under the doormat and hoping a burglar won’t think to look there.

Even if your organization is small, you can still take steps to prevent an attack from any of these areas.

5 Ways to Protect Your Organization’s Data

You don’t need an army of cybersecurity experts to protect your organization’s system. Most nonprofits can take the following steps on their own to greatly lower their risk of cybersecurity issues.

  1. Upgrade security software: Invest in better security software and take the time to update it when prompted by the manufacturer.
  2. Upgrade hardware and software: Older computers and software are more easily hacked than newer products. Set aside budget for updates to your hardware and software each year.
  3. Avoid donated hardware: Although donated computers may be a nice gift, unless you know the donor and can have a security expert wipe them clean, avoid using donated equipment.
  4. Use strong passwords: Insist that all employees use strong passwords, and make sure everyone changes their passwords monthly. Strong passwords typically consist of random arrangements of lowercase and capital letters, numbers, and symbols.
  5. Train your employees: Many cybercrimes occur due to employee mistakes, such as using weak passwords or falling for a phishing scam. Teach your team what to look for to spot phishing emails; misspelled words, blurry logos, company URLs that don’t look quite right. When in doubt, close the email and open up a separate browser to log in and check for messages. Training is often enough to prevent many cybercrimes.

Nonprofit organizations have fewer resources to combat cybercrimes. But that doesn’t mean they can’t take steps to prevent crime. Just as even the poorest homes have locks on the doors to keep thieves out, you can put virtual “locks” on your data.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.