It’ll never happen to us. We’re not Yahoo, Target or the federal government. We’re just a little nonprofit. What would hackers want with us?
It’s shocking how often we hear this. Nonprofits store the private information of hundreds if not thousands of donors and contacts in their online donor management software. Nonprofits typically don’t have the budget to purchase the latest security software or pay experts to remotely manage their security.
Valuable information and traditionally weak defenses add up to a very appealing cyber security threat. Why would a hacker not go after nonprofits?
Understanding the Threat Landscape
Today’s cyber criminals don’t match the old stereotype of the 20-something hacker who lives in his parents’ basement.
Today’s cyber criminals are well-organized, well-financed and highly sophisticated. Cyber attacks are automated to carry out as many attacks as possible on as many organizations as possible. The goal is to steal sensitive data and sell it to the highest bidder. Some modern hackers try to take down entire organizations and governments.
Today’s cyber criminals aren’t just technical geniuses. They excel at using phishing email scams to pose as an executive and convince even the most cautious people to click links, download documents, and hand over network credentials.
Once this goal is accomplished, the most popular form of attack these days involves ransomware. Malware blocks access to critical data, and the attacker then threatens to permanently delete it unless a ransom is paid within a specified time frame.
A report from Osterman Research found that the number of ransomware attacks doubled or tripled each quarter in 2016. Nearly half of all surveyed organizations were attacked with ransomware within 12 months of the study.
Minimize your Nonprofit’s Cyber Security Risks
Obviously, every nonprofit organization should invest in the best security tools and expertise they can afford. But there are actions you can take today to reduce the risk of a data breach.
- Make sure security is baked into everything you do. This applies not only to technology, but to everyday processes. Otherwise, you can end up with security gaps that are difficult and expensive to retroactively correct.
- Educate your team. Explain the seriousness of security threats. Train them on signs of a phishing email, such as unofficial “from” addresses, misspelled words and other errors, generic greetings (“Dear Customer”), requests to take urgent action, or requests to provide or confirm personal information. Implement a process for reporting suspicious emails and other content.
- Be smart with passwords. Change default passwords immediately and require the use of complex combinations of letters, numbers and characters. Update passwords every month. The headache of password management is nothing compared to a data breach.
- Backup, backup, backup. All documents and donor information should be backed up to an offsite location. Many cloud-based backup solutions will automatically backup your data and enable you to access it from virtually any device to prevent data loss and disruption to operations.
- Notify those affected by a breach. The best defenses in the world might not stop the best hackers, so put a process in place for notifying anyone whose information is compromised should a breach occur. Transparency and a quick response will limit the damage to your nonprofit organization’s reputation.
Cyber security is a high priority in Eleo online donor management software. Our infrastructure is hosted in the Microsoft Azure cloud platform, where it’s constantly monitored, updated and backed up to keep your data safe. Contact us to schedule a free demo.