Even if your organization doesn’t accept online payments, it still has something that cyber thieves want. Think about it: most likely your organization has a database full of people’s addresses, demographics and other vital statistics. This information is extremely valuable to cyber criminals, but it is not just about stealing the data. Cyber criminals can also gain access to your system and simply hold it for ransom, forcing you to pay them to release your access back to you.
So how do you keep your data safe?
First, consider the software you are using. If your organization is using outdated software, you are at risk. For example, Windows XP is no longer supported by Microsoft. This means that there are no updates to security features and no patches for any “holes” in the software, which leaves you open to a data breach.
Along those same lines, if you use open source software, you may want to consider discontinuing that practice. Open source software may be affordable, but it is notoriously insecure.
While updating your software might cost some money, it is certainly a lot less expensive than suffering a massive data breach that not only ruins your reputation with your donors but could also result in some monetary damages.
Along with updating your software, it is important to keep your antivirus programs and firewalls up to date.
Next, if you do accept online donations or credit card payments, make sure you are using a reputable online payment processor. Don’t be afraid to ask questions about the security of your payment processing system.
Consider your internal controls. Do you have a policy in place for granting access to volunteers or employees? Remember, not everyone on your staff needs to have access to your entire database. Limit access to only those who truly need it for their day-to-day functions. A volunteer who comes in once a week to help with copying or mailings doesn’t need access to your entire database.
In addition to limiting access, another simple, affordable thing you can do is have and enforce a password policy. No one should be able to access your network or database without having a password.
In addition, you should have a policy in place regarding the strength of the passwords. That means no communal ‘1234 password’ to your data.
Never assume that your employees and volunteers know how to spot a phishing scam or can recognize a social engineering attack. Take the time to educate your staff and volunteers on how to avoid falling for one of these tactics.
Also, it is time to set a policy for old technology such as laptops and cell phones. They cannot be disposed of without first wiping the units of any sensitive stored data.
Staying one step ahead of cyber criminals is a never-ending task, but one that is vitally important to your organization.