Article Photo Nonprofits Beware: You Can Get Hacked Too How to know if your organization has been hacked and what to do if you have TechSoup - October 17, 2018 As a nonprofit, you have a mission, and that's usually a contribution or benefit to society, people, the environment, animals, or some other cause. Whatever it is, you provide a service without the reward of big profits. You're humble.What you make is funneled back into programs, staff, and projects. So, you're safe from hacking, right? Who would want to hack an organization that doesn't have much money or large databases of unknown personal and private information? CHECK OUT MANAGED ITIt's simple: People want to hack your organization because you're an easy target.Hacking: A Serious Problem for NonprofitsHacking is a serious problem for nonprofits. When a hacker attacks, it's not just the nonprofit's information that they want, but donors' information. If a hacker is successful and obtains donor information along with anything and everything else, there can be several consequences.The nonprofit's projects and programs might be stalled while it reacts and strengthens its website.The organization may lose its ability to receive donations for a certain period of time.The organization may also lose credibility and donor trust.These consequences are serious no matter how large or small a nonprofit is. Its reputation is at stake, and in today's environment, that means almost everything to the survival of a nonprofit.Identify a Hack: Signs of the AttackYour organization can be attacked from many fronts. The following are some things to consider, and if anything looks suspicious, you should take immediate action.ServerYou'll know your server has been hacked if you receive ransom messages, fake antivirus messages, unwanted browser toolbars, redirections of Internet searches, or frequent random pop-ups. Other signs include passwords not working, unexpected software installations, disabled anti-malware software, webcam light flickering, or automatic movement of the mouse.WebsiteYour browser may be the first to alert you to an attack. If it identifies one, you may see a red screen with warnings or other disclosures that indicate that something is obviously wrong. Other indications includeYour website disappears.Your website is super slow to open or crashes.Your website displays another website or inappropriate or unrelated advertisements.Weird code fragments are at the top or bottom of your site.Emails are sent to spam folders.Your web application is not doing what it is supposed to do.Files have changed, or strange, large files appear.Facebook You can check your Facebook under Settings to determine if you have been hacked. Choose Security and Login and then Where You're Logged In. A list of devices that you've logged in to and their locations will appear. If there is a login you do not recognize, you may have been hacked. Other signs to look out for areEmail or password changesMessages sent that the organization did not writePosts published that the organization did not writeOf course, other social media can be hacked, but Facebook will likely have the most information on you and your followers, depending on how you interact with followers.Counter a Hack: What to Do Once You Realize You've Been HackedThere are specific actions you must take if you realized that you've been hacked.Inform all partners, donors, or anyone else associated with the organization and whose data may have been compromised. Notify them in writing.Check your federal and state laws regarding data breaches. You may be required to file a notice of breach with your state attorney general's office.Call a forensics team or cybersecurity experts to determine the type of hack, what part of the network was affected, and how to secure the data going forward.Notify local and federal authorities in case the hacking of your organization is part of a wider hacking scheme.Prevent a Hack: Tips to Prevent It from Happening AgainThere are several things an organization can do to safeguard against hacks. Prevention is threefold: (1) customer databases, (2) policies, and (3) protection.1. Mitigate Your Potential Loss in Donor and Partner DatabasesLimit the amount of customer information maintained and store it with backups. Make it a practice to purge donor or partner information once the data is no longer relevant or necessary.2. Raise Internal Awareness and Set Up Training and PoliciesAll nonprofits should have ongoing awareness-raising mechanisms on basic security for their network and computer systems, and specific policies on data security. Employees and volunteers should be able to identify suspicious activity and know what to do if suspicious activity is experienced. Passwords should be changed on a regular basis.Employees and volunteers should also be prevented from using external devices on nonprofit computers. For example, USBs are avenues for malware to be transferred from one computer to another computer.3. Protect Your OrganizationYou must always use encryption software, firewall protections, and cybersecurity software that hunts for viruses and malware. You may also want to consider cyberinsurance. Always ensure that software is updated on a regular basis. SECURITY SOFTWARENonprofits: Know the Most Effective Security Protection to TakeSchedule an IT security consultation. IT security consultants are your best line of protection. An IT security consultant can review your system and policies and can provide an unbiased professional analysis of what policies and procedures must be implemented.Additionally, IT security consultants can be more practical for a nonprofit that can't afford either an IT team or a security breach. An IT security consultant can ultimately initiate workforce performance and productivity improvements. With an IT security consultation, you get more than just protection; you also gain an understanding of your organization's vulnerabilities and a holistic approach to mitigate risks. GET EXPERT HELPAdditional Resources: IT Security for NonprofitsGet 12 Tips to Stay Safer Online.See donated and discounted security products available at TechSoup.Get more nonprofit security tips throughout the month of October. This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License.