
5 Tips to Prevent Cybercrimes


Cybercrimes are on the rise, and nonprofits aren’t immune to attack. Overall, cybercrime is expected to grow by 15% over the next year, with experts predicting the cost to businesses will exceed $6 trillion by 2021. Few nonprofits have adequate security policies in place, let alone the resources to address the damages from hacking or other cyber-attacks.

Criminals are getting more sophisticated, too, in how they hack into systems. Cybercrimes aren’t limited to computer-based theft. Software is now being used to mimic executives’ voices so criminals can fool assistants into divulging email passwords over the phone.

With so many tricks up the criminals’ sleeves, how can a nonprofit protect itself? Fortunately, we have five tips your organization can use to greatly improve its defenses. And, although no defense against cyberattacks is foolproof, criminals are more likely to go elsewhere if they experience resistance. Just like a sturdy door with a good lock prevents a robber from breaking in, so too will these defenses protect your systems.

5 Tips for Nonprofits to Improve Cybersecurity

  1. Increase cybersecurity awareness training
  2. Improve passwords
  3. Add two-factor authentication
  4. Update antivirus protection
  5. Switch to cloud software

1. Increase training and awareness: You can’t prevent crimes if you don’t recognize them when they are taking place. Cybersecurity training and awareness is a critical step to helping you prevent cybercrimes from affecting your nonprofit organization.

Criminals change their tactics all the time. As we mentioned at the start of this article, some are now using voice software to mimic an executive so they can trick unsuspecting employees into divulging sensitive information. This is just one example of a new tactic, but if more people were aware of it, it would become less effective.

To improve awareness and training, assign someone in your organization the responsibility of getting up to speed on the various possible cyberattacks. Then, organize different training opportunities. Lunch and learns, recorded trainings that employees can complete on their own, even demonstrations are all powerful ways in which to show the many possible types of cybercrime affecting nonprofits and how to spot potential activities.

2. Improve passwords: Passwords continue to be a point of entry for many cybercrimes. Many passwords are weak and easy to guess. Brute force attacks that can crack passwords are all too common. In a brute force attack, computers are used to generate thousands of random passwords per minute, and eventually many succeed because so many passwords are easy to guess.

Make your passwords as strong as they can be. Experts recommend that passwords be at least 10 characters long and contain upper- and lower-case letters, at least one number, and at least one special character. A unique password should be used for every account.

Consider having your IT experts force employees to change their passwords frequently. Many companies have enacted this to improve cybersecurity. While you may hear a lot of complaints, in the end, it will improve your cyber defenses.

3. Add multi-factor authentication: You’re probably familiar with this technology already—banks and credit card companies use it as an added layer of security. After inputting a password, a text message may be sent to the account owner’s smartphone with a code that must be entered into the site. Other two-factor methods include automated calls with codes, additional emails, and so on.

Multi-factor authentication improves security by adding another layer of protection between someone wishing to access a system and the system itself. Even if the password is cracked, two-factor authentication may stop entry into the account by insisting on verification.

4. Update anti-virus protection: If you’re still running the same antivirus software that came with your computer, it’s time for an update. Antivirus software must be updated frequently to keep up with the new and emerging threats.

Make sure that when your software prompts you to download an update, you do so. It is also important to keep all your software (not just your antivirus software) updated.

5. Switch to cloud-based software: By now you’ve probably heard all about cloud computing and cloud-based software. Cloud software enables your team to log on from any internet-connected device to your company’s systems. Most cloud hosts have additional security measures and protection in place, more so than your organization can add on its own. They also back up systems so if anything should happen to your data, it can be restored without much of an interruption.

Moving from site-based software to the cloud may be easier than you thought. Speak with a software consultant well-versed in nonprofits and your organization’s unique accounting needs before choosing a cloud provider to ensure the transition goes smoothly.

Cybercrime may be a constant threat, but there’s much you can do to prevent it. These tips, along with the right technology, can go a long way to protecting your organization.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Tips to Prevent Cyber Crime at Your Nonprofit


According to Fintech News, cybersecurity attacks have increased 80% over the past year. If you think only big companies or for-profit companies have to worry about cybercrime, think again. Criminals often target nonprofit organizations because they know that many lack the internal IT resources to prevent an attack.

Don’t fall victim to a cybercriminal. Here’s what you need to know to stay protected.

Know the Risks, Upgrade Your Defenses

In order to protect against cyber-attacks, it’s important to know where the potential risks lie in your organization. Common ways in which criminals attack computer systems include:

  1. Unsecured WiFi: Your office WiFi may have strong password protection, but if you allow employees to telecommute, their systems may be open to attack. During the pandemic, many nonprofit organizations allowed their employees to work from home. Some employees have secure networks but not all do. An unsecured WiFi network or one with a weak password is ripe for the picking by cybercriminals who can easily grab valuable passwords and data.
  2. Phishing emails: Phishing emails are disguised to look like they come from a reputable company such as your bank or credit card company. However, when you click on the link, they direct you to a site that captures your login information.
  3. Phishing phone calls: A new angle on the phishing email is the phishing phone call. In this instance, a caller contacts an assistant, usually an executive or administrative assistant, claiming to be from a reputable company and asking for the CEO’s or another chief executive’s login information. Many assistants have such information handy, especially if they respond to emails or schedule meetings on behalf of an executive. If this sensitive information is given out, the thieves use it to access critical systems.
  4. Trojans, spyware, and malware: Trojans, spyware, and malware can infect a computer just by casually browsing an infected website or accidentally clicking an infected link. They can then be passed along unintentionally to other computers, enabling hackers to access systems or hold data for ransom.
  5. Failing to update software: Software patches, plugin updates on WordPress websites, and similar updates aren’t nuisances. Companies release them to patch known problems in the coding. Failing to update software is like leaving the key under the doormat and hoping a burglar won’t think to look there.

Even if your organization is small, you can still take steps to prevent an attack from any of these areas.

5 Ways to Protect Your Organization’s Data

You don’t need an army of cybersecurity experts to protect your organization’s system. Most nonprofits can take the following steps on their own to greatly lower their risk of cybersecurity issues.

  1. Upgrade security software: Invest in better security software and take the time to update it when prompted by the manufacturer.
  2. Upgrade hardware and software: Older computers and software are more easily hacked than newer products. Set aside budget for updates to your hardware and software each year.
  3. Avoid donated hardware: Although donated computers may be a nice gift, unless you know the donor and can have a security expert wipe them clean, avoid using donated equipment.
  4. Use strong passwords: Insist that all employees use strong passwords, and make sure everyone changes their passwords monthly. Strong passwords typically consist of random arrangements of lowercase and capital letters, numbers, and symbols.
  5. Train your employees: Many cybercrimes occur due to employee mistakes, such as using weak passwords or falling for a phishing scam. Teach your team what to look for to spot phishing emails: misspelled words, blurry logos, company URLs that don’t look quite right. When in doubt, close the email and open up a separate browser to log in and check for messages. Training is often enough to prevent many cybercrimes.

Nonprofit organizations have fewer resources to combat cybercrimes. But that doesn’t mean they can’t take steps to prevent crime. Just as even the poorest homes have locks on the doors to keep thieves out, you can put virtual “locks” on your data.


3 Tips to Improve Website Security


According to Cyber Observer, 68% of businesses feel their cyber risk is increasing. Worldwide, cybercrime is projected to hit $6 trillion by 2021.

If you think you are immune from cybercrime as a small nonprofit organization, think again. Many criminals target small businesses, especially nonprofit organizations, because they know they lack the staff and the resources to mount a defense against cyberattacks.

The old truism that the best defense is a good offense holds true with cybercrime as well as in other arenas. Here is your 3-point plan to stop cyber attackers in their tracks.

  1. Use a trusted hosting provider.

It’s tempting to go with the cheapest web host for a recurring expense such as web hosting. However, cheaper hosting companies may not install the best security. Since many attacks occur at the hosting level, choosing the best company you can find is essential.

How do you pick a good host for your website? Look for a site host with the best storage, bandwidth, support, and backups. Having 24/7 support is also essential. If your site undergoes an attack, knowing that someone is available to help is a huge plus.

  2. Install an SSL certificate.

SSL stands for Secure Sockets Layer, and it adds the little “s” to the end of the “http” you see at the start of website addresses (https://). It protects any information entered into your website by creating a secure, encrypted connection between the visitor’s browser and your website.

Search engines such as Google check whether a website has an SSL certificate installed as part of their evaluation criteria to gauge the trustworthiness of websites. Google uses it as part of its search engine ranking criteria. For your donors, members, and customers, the SSL certificate adds one more level of protection for their personally identifiable information and payment information.

  3. Update plugins, patches, and code.

You don’t need an IT degree to update plugins, patches, and software code. Most software providers send notices to users when updates are available. Ignoring these because they’re inconvenient can lead to trouble. Often, software companies develop such patches and updates because they’ve discovered loopholes in their code which hackers exploit. By installing updates that fix known security issues, you’ve added one more defense to your site.

The same goes for plugins, which are used on WordPress-based websites. Plugins add a wealth of easy customizations to websites built on the WordPress platform, which makes them very popular. The flip side is that with this popularity and increased use come more opportunities for hackers to exploit plugins as a means of entry into websites. The purpose of updating plugins is the same as updating other software. It closes any gaps and adds better protection.

Other Ways to Prevent Cyber Crime

There are other steps you can take to prevent cybercrime. Educate your team on how to spot phishing scams. These scams are sent via email and try to trick the target of the scam into revealing login information or personal information that can be resold. Many phishing emails appear to come from known entities (like utility companies or well-known name brands like Amazon, Google, or eBay).

Any emails that come without warning and ask users to log into a site should be scrutinized. If you feel the email may be legitimate, close your browser and open it again to the website you wish to log into. Do not click any links in the email.

Such simple steps can save you a great many headaches later. Cybercrime can be a nightmare for a small business and a nonprofit organization. Personally identifiable information can be resold. Each personal record is worth anywhere between $20 and $25 on the black market. To a customer, donor, or member of your organization, however, their personal information is priceless. The resulting firestorm of bad publicity and potential lawsuits can quickly overwhelm a small nonprofit.

Now is the time to prevent cybercrime from harming your organization. What steps will you take to prevent it?


Know Your Scammers – Cyber Fraud Signs


Many of us grew up with Saturday morning children’s cartoons. Is it me, or did every cartoon villain look the same? They always tiptoed towards their intended target and hoisted big empty sacks over their shoulders (the better to cart away their loot!). Everything about them screamed VILLAIN in all-caps. 

Well, of course, it was easy to identify the bad guys in those old cartoons. After all, they were created for children’s entertainment, and kids like things simple. But don’t we all? We all long for it to be easy to identify the “bad guys” out there, and that includes cyber crooks as well as the classic cartoon crooks.

As organizations struggled to cope with the many changes initiated by the coronavirus pandemic, cyber crooks were already on the hunt for their next victim. Many found easy targets among the small businesses, including nonprofits, in turmoil. With employees lacking the routine of daily interaction and easy ways to reach fellow workers with questions, and with security loosened on IT networks to enable working from home, cyber crooks didn’t need to tiptoe around in the dark. They acted boldly, and many succumbed to their lures.

Don’t be caught by cyber crooks this year. Know the signs of cyber fraud and protect your nonprofit from the current scams as well as general scams aimed at stealing your data.

Email Fraud – CDC Fake Emails

It was inevitable that criminals found a way to exploit people’s trust in the CDC. One common cyber fraud scam sent emails purporting to be from the CDC to organization owners, with a link in the email text encouraging them to click for more information.

Savvy recipients spotted several issues with the “CDC” emails that can help you recognize and avoid such phishing emails in the future.

  • Recipients hadn’t contacted the CDC and wondered how the CDC obtained their email addresses.
  • Sharp-eyed people recognized that when they held their mouse over the CDC link, it pointed to another website. 
  • The wording, spelling, and grammar weren’t quite right in the email. It was as if someone had run the text through Google’s translate feature. (Perhaps they had.)
  • The email requested personal information to respond, including the recipient’s email address and corporate login information. The CDC wouldn’t ask for that information.

These are all signs of a typical phishing email. Other signs include a generic salutation, fuzzy logos (because they are cut and pasted from the web), or fonts that look odd compared to actual communication from the company, firm, or government agency.

When in doubt, never click a link. Instead, log into a fresh browser screen and visit the site on your own. If there is no message pertaining to the topic of the email, it’s likely it was a phishing scheme.

Specific Nonprofit Risks

As a nonprofit organization, you’re probably soliciting donations online right now to make up for lost revenues from cancelled in-person events.

However, constituents are bombarded right now with both legitimate and not-so-legitimate requests for funds from charities and fraudsters pretending to be charities.

How can you help them distinguish between actual charitable solicitations and fraudulent ones?

  • Remind constituents that they can always visit your website and donate on their own—they do not need to do so through the link in your email (a cyber crook would never say this).
  • Through your website, continually offer updated information on funding campaigns, progress towards goals, and financial information.
  • Remain transparent with all financial dealings.

The key to helping constituents feel comfortable enough to give online is to maintain clear and honest communications about your nonprofit’s finances. Now is the time to offer great transparency into your organization’s finances and to reassure donors at every step of the way that their money is being put towards the work of the organization.

Mitigating Cyber Security Threats with the Right Technology

Awareness and training go a long way to reduce the risk of cyber fraud, especially phishing schemes like the first one we described. Nonprofits can also reduce their risk by maintaining dedicated VPN lines, special inbound connections with encryption that keep their servers secure.

Overworked IT departments, older software, and similar factors can make your nonprofit vulnerable. Close these gaps now before it’s too late. In 2019, data breaches exposed over 4 billion records, and the companies in the thick of such data breaches found themselves embroiled in months of clean-up work. Not all of these companies were big corporations, either. Small businesses and nonprofits are especially vulnerable because cybercriminals know they don’t have a big team of IT professionals on call to handle cybersecurity.

Take time now to update your systems, review cybersecurity procedures, and work with a company such as Welter Consulting to prevent cyber fraud. Criminals don’t tiptoe through backyards carrying big sacks like in the cartoons. They sneak in through emails, attack vulnerable software, and look for small businesses unable to fight back. The time to shore up your defenses is now.
