
10 Tips for Nonprofit Cybersecurity

Miriam Kreykes, Community Scholar Intern, Public Relations | 7/21/2015 9:10:00 AM

With the recent exposure of 21.5 million U.S. federal employees, it is evident hacking is an increasingly pointed threat. Countless high-profile companies and governmental institutions – JPMorgan Chase, Target, the Federal Reserve, the State Department – have been affected by cyber-attacks. According to the Ponemon Institute, 77% of 2,426 IT professionals questioned in five countries admitted their organizations suffered a data loss in the past year.


Any organization that handles money or private information is susceptible to these kinds of intrusions. Nonprofits are no exception. Earlier this year the Urban Institute’s National Center for Charitable Statistics was breached, affecting a system used by 700,000 organizations. Last year, we covered the ways NeighborWorks Blackstone River Valley implemented identity theft education after one of their employees experienced personal loss. A breach to an organization can easily amount to $250,000 in legal repercussions, something most organizations – especially nonprofits – do not factor into their budget. In addition to concrete costs, nonprofits that rely on public goodwill should be particularly concerned about reputation damage if they are perceived as poor stewards of private information.

But how do nonprofits combat these seemingly unstoppable, undetectable attacks? With education, awareness and a little skepticism, nonprofits can equip themselves with the skills to mitigate cyber threats.

Here are 10 powerful tips nonprofits can adopt to create a culture of cyber safety within the workplace:

  1. Accept that you are at risk. Identify and assess internal and external risks to security.
  2. A logo doesn’t make an email trustworthy. Valid businesses should not ask you to send passwords, login names, social security numbers, or other personal information through e‐mail; always question anyone who requests this.
  3. Phone conversations are risky business. Cyber criminals often telephone their targets to perform what’s called “social engineering.” When talking to a stranger, always ask for a callback number or for identifying information such as phone extension or office location.
  4. Someone may be monitoring your online activity. Don’t allow your PC or web browsers to remember your user ID or passwords.
  5. Be a bad target. Cyber criminals look for the path of least resistance; creating passwords that are slightly more complicated than the next user is enough to make them leave you alone.
  6. Don’t interact with spam emails, period. Spam can be malicious, even if you just open it; hit the delete key without opening and definitely don’t open attachments from senders you don’t recognize.
  7. Not all websites are safe. Make sure you're on a secure web server: check the beginning of the web address in your browser's address bar; it should be “https://” rather than just “http://”.
  8. Nix the coffee shop Wi-Fi. Hackers on the same Wi-Fi network can access your computer; this can be particularly detrimental if you’re using work-issued hardware.
  9. Implement secure guest Wi-Fi. Cyber criminals are known to drive by companies, access their free Wi-Fi and enter their systems, so make sure your organization has a secure password that gets changed regularly.
  10. Become a skeptic. Always be aware of who you interact with, what you open and what information you give away.

To learn more about cybersecurity and cyber threats, explore our eClassroom Express webinar training, “Cybersecurity Essentials for Non‐IT Managers.” Additionally, this FTC guide is a good resource when making your security plan. 
