Nonprofit cybersecurity for donors is essential to prevent ill-intended users from accessing personal and financial data. Their trust, generosity, and respect for your mission allow you to make an impact on the communities you support. Yet, according to a study carried by the Institute for Critical Infrastructure Technology, at least 50% of nonprofits have been targeted by one type of malware. Cybercriminals assume that these organizations don’t spend many resources on cybersecurity, which makes them a prime target. The donor information they store can be sold on the Deep Web, anywhere from $1 USD to $2000 USD, depending on the type of document.
To help minimize cybersecurity incidents, we have created this article to get you started with 5 cyber tips to keep your donor data safe:
1. Nonprofit Cybersecurity For Donors: Store Donor Information in an Encrypted Database
Data encryption provides an additional layer of security for you and your donors. As data breaches increased in 2021, more organizations have started to look at data encryption processes. This type of process converts your data into a “cypher text” using an algorithm that cybercriminals won’t be able to easily access.
Here are 2 main benefits of having data encryption:
– Minimize Cyberattacks: By having a database encryption process, cybercriminals will find it harder to access and steal your donor data.
– Maintain Security Regulations: Having a data encryption process will guarantee that you’re compliant with security regulations to avoid legal issues, in the occurrence of a data breach. Stay updated on your state’s privacy regulations on personal information management.
2. Nonprofit Cybersecurity For Donors: Get Creative With Your Passwords
Believe it or not, “123456” is still the most common password among users according to Cybernews. Having a strong password is a network security must-have if you want to keep hackers out of your nonprofit. Nowadays, there are plenty of password managers that can help you store all your passwords, ensuring you don’t forget any credentials and preventing the common mistake of using the same credential twice. Platforms such as LastPass and NordPass are great tools to start with.
Also, as a general cyber hygiene tip, remember to change your passwords once a year at least. It will decrease the chances of getting your credentials compromised.
But before you store any password like “1q2w3e,” or “1q2w3e,” read our passwords Do’s and Don’ts:
3. Nonprofit Cybersecurity For Donors: Limit Who Has Access To Sensitive Information
As a nonprofit, in addition to your permanent staff, huge influxes of volunteers and interns throughout the year are incredibly common. This rapid-changing work environment can be the perfect scenario for a cybercriminal to access and steal your donor information.
Think of it this way: Your organization hires two or three interns for the summer who continue to have access to your server and sensitive data, even after their time with your nonprofit is over. One of your former interns’ devices gets infected with malware, which ends up contaminating your server too. As a result, cybercriminals steal your donors’ data and available funds. Sounds like an apocalyptic scenario, doesn’t it?
You’d be surprised to learn that this type of mistake in user management happens more often than you think, especially in organizations that lack clear and updated cybersecurity policies. Having both a designated person to take care of network security and a set of steps to follow when deactivating a user’s account is a must-have nowadays. It will help you manage who has access to which types of data and will speed along the recovery process in case of a cybersecurity attack.
4. Nonprofit Cybersecurity For Donors: Create Backups
By now, you may have heard of Ransomware attacks. These types of malware are usually delivered through phishing emails which trick users into clicking on or downloading a file. After your device is infected with ransomware, cybercriminals will easily spread through your network and compromise your entire organization. As a result, hackers will have encrypted all your data, preventing you from accessing it, followed by their asking you for ransom.
By creating regular backups, both in a physical server and the cloud, you will continue to have access to your data in case of a cybersecurity disaster. Cloud options, like OneDrive from Microsoft or Sync.com, can help your nonprofit manage its data.
But remember, in the occurrence of a ransomware attack, a backup will not guarantee that the stolen credentials aren’t for sale on the Deep Web. A backup will help you keep operations running while your cybersecurity expert contains the attack.
5. Nonprofit Cybersecurity For Donors: Have a Dedicated Cybersecurity Expert
Many people falsely believe that IT and Cybersecurity experts have similar expertise, when in reality, both professionals have very different responsibilities. The security of data and the resources that store it are an InfoSec professional’s primary concerns.
IT staff are often unfamiliar with cyber-criminals’ behavior and habits, and are incapable of identifying threats which could potentially add unknown risks to an organization. InfoSec staff help to monitor digital assets to quickly detect an ongoing attack and contain it in the shortest timeframe and most efficient way possible.
Therefore, having network administrators and IT staff responsible for building a secure environment can also lead to overworking, due to their limited knowledge of InfoSec. This issue leads to mistakes, including misconfigurations, missed unpatched vulnerable resources, privilege accumulation and escalation, and unnoticed ongoing attacks from malware and phished stolen credentials.
Essentially, cybersecurity and data protection make up a full-time job that should have a professional’s focus, instead of it being left as an additional workload for an already full-time employee.
Additional Resources
Learn more about the state of nonprofit cybersecurity
Create backups and keep your data safe from cybercriminals using this tool
This Guide will help you understand how nonprofit cybersecurity for donors can benefit your organization.
This checklist will help you understand where your organization is vulnerable. Use them as a starting point in your next cybersecurity meeting.
This article will help you understand what are the main differences between IT and InfoSec professionals.
