As nonprofits take advantage of technology to augment their operations and work remotely to keep staff and volunteers safe during the COVID-19 pandemic, it’s critical for them to adopt robust security measures.
While hackers have always targeted nonprofits, cybersecurity experts claim that cyberattacks have spiked alarmingly of late. Moreover, they claim that nonprofits lack the security protocols to defend themselves from those with malicious aims.
Hackers try to steal sensitive data about donors, like phone numbers, credit card information, addresses, and social security numbers, to commit blackmail or identity theft. Other cybercriminals use ransomware to simply lock a nonprofit’s systems until a fee is paid. Ransomware is incredibly destructive as it can hurt a nonprofit in terms of finances and reputation.
Common Types of Cybersecurity Attacks Against Nonprofits
- Malware attacks: Malware such as ransomware, spyware, worms, and Trojan horses is malicious code designed to disrupt operations or steal from your nonprofit. Nonprofits use comprehensive cybersecurity software to protect themselves from malware attacks.
- Phishing Expeditions: In a process called phishing, cybercriminals send fake emails with malicious links to trick people into handing over their confidential information. Nonprofits are attacked with spear phishing, a more dangerous and targeted form of phishing that appears to come from personal contacts. Nonprofits train their employees extensively to recognize phishing attacks in order to avoid disaster.
- Man-in-the-Middle (MITM) attack: Hackers use MITM attacks to take advantage of network security holes and steal data or eavesdrop on confidential conversations. To protect themselves from MITM attacks, organizations use robust firewalls and network security tools, and train their employees to avoid unsecured WiFi networks.
- Denial-of-Service (DoS) attack: A DoS attack crashes a nonprofit’s networks, servers, or systems with a barrage of coordinated requests to the database. Usually, such attacks target high-profile nonprofits that have the resources to adopt security measures.
What Else Do Nonprofits Do?
Nonprofits today use the most secure software to keep their donor information safe from online attacks. For example, more organizations are turning to the fundraising software found in Sumac nonprofit CRM due to its trusted PA-DSS certification.
The CRM’s databases are also hosted on the world-class infrastructure of Amazon Web Services (AWS). The data transferred to this cloud is encrypted in transit with the Transport Layer Security (TLS) protocol. Regularly unit testing databases is also crucial for the security of the system.
In addition, nonprofits customize the CRM itself to give access to constituents only on a need-to-know basis, which further secures data. For example, sensitive information may not be available to caseworkers and is only viewable by administrative staff.
Another critical step nonprofits take to enhance security is regularly updating their systems and applications to plug security holes. They also invest in legitimate software because they realize that unauthorized software usually carries dangerous malware.
Employees who access information through mobile devices are encouraged to use secured networks instead of unsecured public WiFi. Staff are also encouraged to set sophisticated passwords that use many characters and feature numbers and symbols.
Nonprofits also use encrypted hard drives and regularly back up their data to cloud networks to protect their information in case of a security breach. While the steps that such organizations take to enhance their security may seem tedious, they’re of great importance in an increasingly unsafe online world.