Nonprofits need cybersecurity, too

If you collect it, you have to protect it

Hundreds if not thousands of organizations and businesses are hacked each year. Cybersecurity experts scurry to protect government agencies, the banking industry, retail companies and health care conglomerates.

Unfortunately, nonprofits handle sensitive data daily and also are targets of cyber-thieves. Client records, donor information, confidential emails and hundreds of other transactions pass through these organizations — extremely valuable information, especially on the black market.

The key for nonprofits is to implement cybersecurity policies and practices.

All businesses know that if you collect it, you have to protect it. All organizations need to stop and think about their priorities for data security.

Hackers steal money or sell private information for a profit, or may do something malicious simply because they don’t like an organization.

Marquette’s Center for Cyber Security Awareness and Cyber Defense can help organizations develop a practical, risk-based assessment of what cyber-defenses they should adopt. Marquette’s approach has been designed by experts to be used by any size organization that collects and keeps data, and it works equally well for businesses or nonprofits.

Some of the top cybersecurity threats to nonprofits include:

  • Weak or nonexistent password policies: If a nonprofit allows vendors or members to access info on its network via a password, a comprehensive password policy needs to be enacted. Nonprofits should consider using two-factor authentication and minimum lengths for passwords. Passwords that mix the types of characters used (numbers, letters, symbols) and avoid words found in dictionaries are typically strong.
  • Falling victim to phishing and malicious links in emails and website pop-ups: Professional training helps teach employees how to protect against malware, viruses, spyware and other threats that can arrive with just the click of a mouse button. Oftentimes these ‘phishing emails’ ask the recipient for login information, credit card numbers or other personal private information. Strict policies should be developed on what employees can download from the internet.
  • Old, unsupported software: With tight budgets, many nonprofits are still using old software that is no longer supported by its developer. Consider investing in upgraded computers. The older the operating system, the more vulnerable computers and networks are to data breaches.
  • Using open-source software: This type of software is extremely susceptible to data breaches.
  • Not using a reputable online payment processor: Nonprofits take membership dues and fees for events and conferences. If a nonprofit doesn’t use a reputable online payment processor, it is vulnerable.
  • Lax security measures: Policies should be in place to ensure laptops, desktops and mobile devices are wiped clean, and access is denied whenever an employee leaves the company.

More posts from Tom