Nonprofit organizations exist to serve the community and its members. Many nonprofits are small organizations without large IT departments, but they must remain diligent about cybersecurity. Protecting your organization is a priority that has become heightened as the amount of online activity has increased and the methods of hackers have become more sophisticated.
Nonprofit Cyber Security Risks
Online Donations
A large percentage of the donations received by nonprofit organizations are from online donations. Donors like to pay online because it is convenient for them. Nonprofits gladly accept online donations because the funds are available fast. However, online donations can be risky. Without the proper cybersecurity, a nonprofit could be vulnerable to theft via a cyberattack.
Phishing Scams and Ransomware
Great customer service requires that staff read and reply to countless emails from members, donors, the community, and partners. But emails that ask recipients to click on links or open attachments can carry security risks. Phishing scams, where the hacker steals sensitive information from a network; and ransomware, a form of blackmail, are both delivered via email.
Volunteers
Most nonprofit organizations acknowledge that they could not fulfill their missions without the help of volunteers. People have great intentions most of the time, but occasionally a volunteer may have an ulterior motive. Nonprofits open themselves up to internal fraud and compromised networks through their help. Volunteers are essential, but organizations have to be aware of the risk involved with sharing their data.
Steps To Keep Your Nonprofit Safe
Use strong passwords
Simple passwords that are used for multiple accounts are easy to guess. Every login should have a unique username and password that is long and complex. Passwords should be memorized or stored securely and never be written down on paper.
Use two-factor authentication (2FA) everywhere possible
2FA requires that a user logs in using their password and another device. By confirming identity with a text message or voice call, most hacking attempts can be avoided.
Avoid using public Wi-Fi
Hackers can mimic public Wi-Fi sources and record an organization’s activity or steal their data. Personal hotspots should be used as an alternative. If the nonprofit has frequent mobile users, it may be a good idea to research installing a virtual private network (VPN).
Secure your computer and cellphone number
Instruct staff and volunteers to keep their electronic devices in a secure location. Computers, tablets, and phones that contain sensitive information or access to networks should be password or PIN protected. Company phone numbers should also be protected, as they can be used by hackers to falsely confirm identity.
Find out if you’ve been part of a data breach
Nonprofit organizations must diligently be aware of cyber risks by monitoring their accounts for data breaches. Company email addresses can be searched regularly to see if they’ve been compromised. If a breach has occurred, notify the IT department or expert and immediately change all passwords.
Avoid phishing scams
Phishing scams happen when an impersonator pretends to be an internal user to steal organization data. Confirming the identity of anyone requesting sensitive information or funds can protect your nonprofit and information should not be entered into a non-secure website.
Keep your software and devices updated
Software updates protect data from known security vulnerabilities because they respond to current hacking methods. Recommended software updates should be done as soon as available for all programs.
Make cybersecurity part of the company policy
Everyone that is a part of your organization should be educated about cybersecurity. Written company policies about technology use and frequent training sessions will make the nonprofit less vulnerable. Account access for all volunteers, staff, and board members should also be monitored by leadership to be sure they have the correct permissions in place.
Free Resources For Your Nonprofit To Use
There are many resources available online to educate nonprofit leaders about cybersecurity. Some valuable information can be found at the following links:
Next Steps
The cybersecurity field has been growing by leaps and bounds over the last few years, but it’s not just for large corporations anymore. Small nonprofits are also at risk of cyberattacks that can compromise their mission of serving the community.
As a nonprofit organization, you need to do all you can to protect your website from these attacks so that people don’t hesitate before donating money or signing up for volunteer opportunities. If this is something you’re concerned about, contact your IT company and get started on a security plan that works specifically for your needs.
For your accounting needs, book a call with one of our experts now and find out how a good financial system helps reduce risks in your organization.
Jo-Anne Williams Barnes, is a Certified Public Accountant (CPA) and Chartered Global Management Accountant (CGMA) holding a Master’s of Science in Accounting (MSA) and a Master’s in Business Administration (MBA). Additionally, she holds a Bachelor of Science (BS) in Accounting from the University of Baltimore and is a seasoned accounting professional with several years of experience in the field of managing financial records for non-profits, small, medium, and large businesses. Jo-Anne is a certified Sage Intacct Accounting and Implementation Specialist, a certified QuickBooks ProAdvisor, an AICPA Not-for-Profit Certificate II holder, and Standard for Excellence Licensed Consultant. Additionally, Jo-Anne is a member of American Institute of Certified Public Accountant (AICPA), Maryland Association of Certified Public Accountants (MACPA), and Greater Washington Society of Certified Public Accountants (GWSCPA) where she continues to keep abreast on the latest industry trends and changes.