Keeping your nonprofit safe from cyber attack in the year of Covid

Keeping your nonprofit safe from cyber attack in the year of Covid

Img-blog-keeping-your-data-safe-from-cyber-attack-in-the-year-of-covid

As if 2020 wasn’t hard enough, now cyberattack records are being shattered nationwide. Covid has given cybercriminals an endless buffet of cyber-based ammo and unfortunately, nonprofits are low hanging fruit.

Because many nonprofits simply do not have the time or financial resources to keep up-to-date with the latest cybersecurity advice, the cyber criminals often see them as easy targets. Donated laptops don’t get wiped, volunteers don’t always get thoroughly vetted or trained, and IT systems are sometimes not kept up-to-date with the latest cybersecurity tools.

Protecting your nonprofit doesn’t have to be hard to implement or expensive, but it does need to be strategically planned, implemented and managed. An experienced computer support company can help.

Here is what we suggest.

Security Awareness Training
If you can’t do anything else, do this. In March 2020, phishing attacks were up over 667%. A well-executed phishing attempt can cause your donor or client’s confidential information to be breached, ransomware or a loss of data. Phishing attacks have become very sophisticated. Many phishing emails do not contain links, spelling or grammatical errors or attachments. It takes a trained eye to spot today’s phishing attempts.

Typical Security Awareness Training consist of self-paced, online training followed by phishing attempts sent by you or the training vendor. You can gauge the effectiveness of the training by seeing who in your organization “bites” and then re-educate them as necessary.

Educating your staff and your volunteers to recognize these attempts is the first step in protecting your client and donor’s confidential information. If you are a RESULTS client, you can get a free 30-day trial of the training. Contact us to get started.

Back up frequently
Although you’ve implemented several layers to your security, sometimes hackers can still find their way in. This is why you need to back up data frequently, whether it’s on-site, off-site, or by way of cloud backups. In the worst-case scenario where your systems do get infiltrated, you can restore lost data from those backups.

This video takes a quick look at backup options and how they can affect your business.

Use Two-Factor Authentication
Using a complicated password to secure your system is no longer an effective way to solve the issue of cybersecurity. We tend to use that same complex password in our email accounts or bank accounts, and if one of your logins is compromised, this can result in grave consequences.Two-factor authentication (2FA) adds an extra layer of security for your systems and accounts. It can be biometric verification for devices that you own, or a time-sensitive auto-generated code that is sent to your mobile phone. This security feature works in the same way websites would require you to confirm your email address. They want to make sure that you’re not a bot or anything else.

Download: Types of 2FA from least secure to most secure.

Email Encryption
Email Encryption is a great obstruction to hackers, since it scrambles and descrambles data every time someone tries to read it. Encryption also causes compatibility issues if the data is not being accessed via the company’s own network systems. In the past, encryption has been hard to use and costly. Now it can be as simple as putting your subject line in brackets. This 2-minute video explains more.

Keep systems up to date
Technology is moving at a fast pace. Hackers are always upgrading their tools to take advantage of outdated security systems, so nonprofits should do likewise to protect their valuable resources. Yet many nonprofits don’t install software updates immediately. If the update closes existing security loopholes, delaying an update exposes you to external attacks. So install software updates as soon as they are released.

Monitor connectivity
Many businesses have no idea how many computers they have, so it’s very hard to keep track of which computers are online. Sometimes a company’s computers and servers are online when they don’t need to be, making them tempting targets for attackers. It’s advisable to configure business servers properly, ensuring that only necessary machines are online and that they’re well-protected.

It’s much more expensive to recover from a data breach than to prevent one. If you’re looking to protect your business IT systems for potential threats, RESULTS can help. Contact us today.