Nonprofit Security Issues
- Michelle Crim, CFRE
- Aug 7, 2023
- 2 min read
The phrase “ransomware attacks” has become all too familiar and yet, we never think this is going to happen to our nonprofit. That only happens to municipalities or hospitals or universities, not us, right?
Unfortunately, here’s a recent example from another consultant that will make every nonprofit very nervous.
A small organization with no paid staff and one contract administrator who found out the hard way that anyone can get hacked. Someone had hacked into the board member’s information for the nonprofit, and they quickly found themselves locked out of their bank account and website. A few weeks later, everything was resolved, but this was a very stressful situation.
How secure is your nonprofit? Who holds the literal and digital keys to your organization? The following excerpt from a Forbes Technology Council article on the most critical cybersecurity trends for 2023 may help you answer these questions.
Here are the top five:
1. Remote workforce security
o Hybrid and remote work are here to stay. Strengthen your security with VPN and multifactor authentication. Train your employees in identifying risks.
2. Phishing and social engineering
o Phishing uses fake websites to obtain personal information. Again, employee training is critical.
3. Ransomware
o Data is encrypted and held for ransom. Redundant backups, in the cloud and external hard drives, are one way to guard against this.
4. Cloud security
o This is a shared responsibility between the cloud provider and the client. Make sure you understand who is responsible for what.
5. Internet of Things Security (IoT)
o This type of security protects cloud-connected devices from data breaches.
The National Council of Nonprofits recommends a risk assessment for all nonprofits to ensure their data remains protected and confidential. Click HERE for additional recommendations.
As you move forward to secure your date, these are a few safety things you can do immediately.
Separation of duties: one person should not be responsible for everything.
Cyber hygiene: have a policy to change passwords regularly.
Due diligence: review and update who has access to bank accounts, donor data, accounting software, and other crucial records systems.
Cheers,
Michelle Crim, CFRE
Dynamic Development Strategies can help. We offer coaching, grant writing, and fundraising services for our nonprofit clients. We specialize in small to mid-size organizations because we understand your challenges. Please contact us for more information.
Comments