The Board Effect, which publishes key stats that nonprofit board members need to know, released startling figures on cybercrime. According to their report, 50% of NGOs have been the victim of at least one cyber-attack. Even more surprising is that 9 out of 10 organizations do not train their staff on cyber security.
When nonprofits fall victim to cyber-attacks, it does more than create a headache. It can harm their reputation beyond repair. It can be costly to remediate the systems that are breached. It can result in lawsuits from disgruntled members or donors whose personal information has been stolen. And, given that The Board Effect report states it can take 22 days to recover from an attack, it can severely disrupt daily operations.
You don’t need to hire costly consultants or install expensive equipment to ward off most attacks. In fact, the most common way for criminals to get beyond your firewalls and first lines of defense is by tricking your own staff into divulging their information! Here, we have put together a brief list of steps you can take to mitigate many of the dangers of cybercrime. Bear in mind that no amount of preparation can ward off every danger, but with the right systems and training, you can prevent many instances.
Seven Steps to Prevent Cybercrime
Nonprofits can fall victim to many types of cybercrimes. Among those most commonly encountered, you may find phishing attacks, which try to trick people into clicking links and divulging personal information such as user names and passwords; ransomware attacks, which lock systems until a ransom is paid; malware, trojans, and viruses, all of which “infect” a computer and make the computer do something you don’t want it to do (like spam others, redirect you to a specific website, or infect other machines). The key to avoiding most of these common crimes lies in the seven steps to preventing cybercrime.
- Train employees in the basics of internet security. Teach employees how to spot phishing emails and how to avoid clicking malicious links. Educate them on why they need to choose strong passwords and change them frequently. Once you’ve provided employee training, host refresher sessions. People tend to get complacent over time. All it takes is one slip to pick up a nasty bit of ransomware or enable crooks to breach personal information in the system.
- Keep systems updated. Do you know those annoying notices to update your system? They are there for a reason. As new cybercrimes emerge, software programmers tweak the code in their systems to close gaps and protect against attacks. By updating your software to the latest version, you’re closing those gaps, too. This includes updating operating systems, specific software (accounting, payroll, operations, productivity), and software running on your peripheral devices, such as printers.
- Install the best security protection you can. Install antivirus software on every machine for your organization and ensure it is always updated and running.
- Enable firewall protection. Firewalls are sets of programs that prevent outsiders from accessing networked systems. Your organization’s network should have a firewall running to protect systems. If employees work from home, they should also have a firewall installed.
- Secure WiFi networks. Make sure your WiFi network is password protected, and do not allow employees to share passwords outside of the organization. Change passwords regularly.
- Enable 2FA on sensitive accounts. Two-factor authentication sends a code or uses special mobile authenticator apps to ensure that whoever is logging into an account is a valid user. Many social media and cloud-based platforms now use 2FA. It offers another layer of security to keep out unauthorized users who may guess a password. If the system does not recognize the device accessing it, it may prompt for 2FA, resulting in a lockout that can prevent access to the platform.
- Limit employee access; set up role-based access. If your system supports role-based access, using it is a smart move, as it enables you to control who has access to which areas of a system. You may be able to set permissions so that only senior level team members can access sensitive data, reset passwords, access financial information, etc. Work with your software consultant or IT service provider to set permissions for your system.
The best defense, as they say, is a good offense. Be on the offensive when it comes to attacks against your organization. While many consider nonprofits a lesser target than large for-profit enterprises, the truth is that nonprofits typically have fewer resources to fight back against ransomware attacks and other cybercrimes. This makes them easy targets. You make your organization a much harder target for crooks by taking these seven steps to prevent cybercrime.
Welter Consulting
Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact us for more information.