As a nonprofit, you have a mission, and that's usually a contribution or benefit to society, people, the environment, animals, or some other cause.
Whatever it is, you provide a service without the reward of big profits. You're humble.
What you make is funneled back into programs, staff, and projects. So, you're safe from hacking, right? Who would want to hack an organization that doesn't have much money or large databases of unknown personal and private information?
It's simple: People want to hack your organization because you're an easy target.
Hacking: A Serious Problem for Nonprofits
Hacking is a serious problem for nonprofits. When a hacker attacks, it's not just the nonprofit's information that they want, but donors' information. If a hacker is successful and obtains donor information along with anything and everything else, there can be several consequences.
- The nonprofit's projects and programs might be stalled while it reacts and strengthens its website.
- The organization may lose its ability to receive donations for a certain period of time.
- The organization may also lose credibility and donor trust.
These consequences are serious no matter how large or small a nonprofit is. Its reputation is at stake, and in today's environment, that means almost everything to the survival of a nonprofit.
Identify a Hack: Signs of the Attack
Your organization can be attacked from many fronts. The following are some things to consider, and if anything looks suspicious, you should take immediate action.
Server
You'll know your server has been hacked if you receive ransom messages, fake antivirus messages, unwanted browser toolbars, redirections of Internet searches, or frequent random pop-ups. Other signs include passwords not working, unexpected software installations, disabled anti-malware software, webcam light flickering, or automatic movement of the mouse.
Website
Your browser may be the first to alert you to an attack. If it identifies one, you may see a red screen with warnings or other disclosures that indicate that something is obviously wrong. Other indications include
- Your website disappears.
- Your website is super slow to open or crashes.
- Your website displays another website or inappropriate or unrelated advertisements.
- Weird code fragments are at the top or bottom of your site.
- Emails are sent to spam folders.
- Your web application is not doing what it is supposed to do.
- Files have changed, or strange, large files appear.
Facebook
You can check your Facebook under Settings to determine if you have been hacked. Choose Security and Login and then Where You're Logged In. A list of devices that you've logged in to and their locations will appear. If there is a login you do not recognize, you may have been hacked. Other signs to look out for are
- Email or password changes
- Messages sent that the organization did not write
- Posts published that the organization did not write
Of course, other social media can be hacked, but Facebook will likely have the most information on you and your followers, depending on how you interact with followers.
Counter a Hack: What to Do Once You Realize You've Been Hacked
There are specific actions you must take if you realized that you've been hacked.
- Inform all partners, donors, or anyone else associated with the organization and whose data may have been compromised. Notify them in writing.
- Check your federal and state laws regarding data breaches. You may be required to file a notice of breach with your state attorney general's office.
- Call a forensics team or cybersecurity experts to determine the type of hack, what part of the network was affected, and how to secure the data going forward.
- Notify local and federal authorities in case the hacking of your organization is part of a wider hacking scheme.
Prevent a Hack: Tips to Prevent It from Happening Again
There are several things an organization can do to safeguard against hacks. Prevention is threefold: (1) customer databases, (2) policies, and (3) protection.
1. Mitigate Your Potential Loss in Donor and Partner Databases
Limit the amount of customer information maintained and store it with backups. Make it a practice to purge donor or partner information once the data is no longer relevant or necessary.
2. Raise Internal Awareness and Set Up Training and Policies
All nonprofits should have ongoing awareness-raising mechanisms on basic security for their network and computer systems, and specific policies on data security. Employees and volunteers should be able to identify suspicious activity and know what to do if suspicious activity is experienced. Passwords should be changed on a regular basis.
Employees and volunteers should also be prevented from using external devices on nonprofit computers. For example, USBs are avenues for malware to be transferred from one computer to another computer.
3. Protect Your Organization
You must always use encryption software, firewall protections, and cybersecurity software that hunts for viruses and malware. You may also want to consider cyberinsurance. Always ensure that software is updated on a regular basis.
Nonprofits: Know the Most Effective Security Protection to Take
Schedule an IT security consultation. IT security consultants are your best line of protection. An IT security consultant can review your system and policies and can provide an unbiased professional analysis of what policies and procedures must be implemented.
Additionally, IT security consultants can be more practical for a nonprofit that can't afford either an IT team or a security breach. An IT security consultant can ultimately initiate workforce performance and productivity improvements. With an IT security consultation, you get more than just protection; you also gain an understanding of your organization's vulnerabilities and a holistic approach to mitigate risks.
Additional Resources: IT Security for Nonprofits
