The cyber security disasters large companies such as Home Depot and Target faced seem far afield from the concerns and issues nonprofits encounter. However, similar to major corporations, nonprofits are a feeding ground of financial and personal information hackers are eager to prey on.
The primary difference between a major corporation and a small to medium-sized nonprofit is the ability to effectively mediate a security problem. Target and Home Depot possess the necessary resources and funding to absorb an attack, work through the issues, and regain normalcy. How do you think a nonprofit would be able to respond to a major security breach in their system? What if hackers were able to access the credit card information of an entire donor base, or were able to send emails to supporters allowing them to further hack a broader audience?
Unfortunately, not all nonprofits are equipped with the same administrative and monetary resources to effectively deal with security risks. If a nonprofit's online security is breached, not only will its records be comprised, but the reputation will be destroyed, and likely the entire organization itself. It’s vital that nonprofits employ the necessary due care measures in order to prevent any potential security compromises.
Why nonprofits are targeted
It’s easy to assume that as a nonprofit, you are exempt from the same security risks businesses face. Why would someone hack into a nonprofit’s website? Unfortunately, there are a number of reasons why nonprofits are a common prey of website-hacking vultures.
- Personal Identifiable Information (PII) - Social Security numbers, emails, phone numbers, and addresses are used by hackers to create false identities to be sold in underground markets.
- Phishing Attacks - "Phishing" is using fake bait to catch a victim. In online security, the fake bait can be the creation of a false website that looks nearly identical to a legitimate site in order to obtain credit card numbers, bank account information, passwords, and usernames to be used for malicious reasons.
- Donor information - Access to a nonprofit’s donor data base broadens the impact of the security breach. Beyond accessing PII, hackers target the email accounts of nonprofits. If a hackers is able to send an email from an organization to its donors, there is a greater chance they will open the email allowing the hacker to target the donor.
How nonprofits are targeted
Nonprofit’s hold the keys to a range of information attractive to hackers such as credit card statements, emails, identification numbers, etc. Unlocking a few password-protected portals opens the doors to a nonprofit's most important information. Here are a few of the most common areas hackers target:
- Website - Whether your website is hosted internally or through another server, there is a constant risk of it being attacked.
- Staff - Access to one staff members personal information such as an email account can lead to further exposure of other staff members. Remember, the majority of online security attacks are the result of human error (falling for a phishing attack).
- Social Media - Facebook, Twitter, etc accounts are targeted in a similar way hackers target emails. If a hacker can post on a nonprofit’s social media account, it’s exposing its followers to further attack.
- CMS - Accessing the CRM is the ultimate goal for a hacker. For the director of a nonprofit, this could mean the end of their organization. A security breach that involves access to a CRM compromises the trust and reputation on an entire organization.
How to prevent a security breach
Nonprofits can be strategic in addressing any future security risks. A combination of low-cost fixes and using the correct hosting software will ensure that a nonprofit's private information is protected.
- Low-cost fixes - It will pay-off in the future to have invested security funds into an online security strategy. This includes employing corrective patches, anti-virus protection, backups, administrative passwords, amongst others. These affordable fixes eliminate the majority of attack routes hackers target.
- Rules and Regulations - Staff, volunteers, vendors, and even CRM and cloud providers should adhere to the rules and regulations that apply to the nonprofit-field. Compliance issues are becoming more popular and complex for nonprofits because donors are now requiring more compliance-related controls. This is vital, because if your organization doesn't adhere to the required compliance regulations, it could result in denied funding.
- Staff - Equipping your staff with necessary tools to recognize, assess, and take action in a potential security breach will limit the damage. Encourage your staff to change passwords every 6 months, create a step-by-step process of what to do in the case of a CRM hack, and using major email provider such as Mailchimp will cut down on the exposure of your nonprofit to an online attack.
- Ask a Hacker - Hackers for Charity seeks to help nonprofit’s assess and improve their online security. These organizations, primarily composed of hackers, are sought out by various organizations to assess their online security from the point of view of a typical hacker. Check out this Ted Talk if you don’t believe me.
- CSM - Wordpress, Drupal, Joomla, and the like are large, trusted names. These providers come with the necessary security barriers and consistent testing that your nonprofit needs to ensure that its information is safe.
While we tend to think that nonprofits are exempt from the same security issues as major corporations, the risk is equally just as high. Taking the necessary precautions to safeguard against potential security breaches is making a worth-while investment in your nonprofit.
If you would like more information regarding your nonprofit's online security, contact one of our web experts today to discuss the various ways our products and solutions will ensure that your nonprofit's website is protected.