Last month was the 20th anniversary of Cybersecurity Awareness Month. Cybersecurity is an issue of growing concern for both donors and charities as they are not immune to the same type of challenges faced by the business sector. Here are some basic steps that donors and charities can take to better protect themselves. Of course, this is just a start and BBB Wise Giving Alliance encourages readers to seek out additional guidance to further strengthen their online security measures.
Here are our cybersecurity tips for donors -
Establish Strong Passwords
Take the time to create passwords on your devices that are of adequate length and unique
. Don’t forget to update them periodically, you may want to mark your calendar to send a reminder.
Be Cautious of Social Media Recommendations
Be wary of responding to social media donation requests without taking the opportunity to verify the trustworthiness of the specified charity. Don’t assume that your social media source has vetted the charity recommendation. Visit Give.org to verify if the charity meets the BBB Standards for Charity Accountability
Don’t Click the Link
Be wary of clicking on an email link or scan a QR code until you verify the source. Scammers might seek to direct you to a false page using a well-known charity name in order to steal your private data.
Watch Out for Look-alike Names
Look at the name carefully as many charity names sound similar. Sometimes it’s because charities are raising money for the same cause, other times it’s because questionable groups are seeking to confuse you.
Here are our cybersecurity tips for charities -
Make sure to periodically backup all data. The more frequent the backup, the better protected the charity will be from threats such as ransomware attacks.
Protect Against Malware
Charities can subscribe to a malware and virus protection service that automatically updates security for all the laptops and computers used by the charity. This will help prevent inappropriate and malicious programs from being accidentally downloaded.
Secure Staff Devices
Many charity staff members are now working from home. One way of reducing security risks is to make sure staff are using laptops and other devices supplied by the organization as opposed to their own personal computers. Home-use devices might already be infected or may have a higher risk of accidental exposure when a staff member is using the same machine for personal needs. It is safest to have a work-only device being used by charity staff.
Implement Password Procedures
Encourage staff to create more secure passwords for computers and programs used for work. In addition, charities might establish staff policies to require periodic password changes to help ensure greater protection over time. For a tighter security option, charities might also consider a two-step verification process, for accessing their programs and/or data. This adds an additional layer of protection.
Alert Staff About Security Risks
Another valuable measure is to remind staff to be alert to suspicious emails and other communications that include links and/or attachments. These are some of the most common ways of unleashing a virus, malware and/or enticing someone into a phishing circumstance where they share personal or charity data. This area is becoming more difficult to guard against since some malicious messages may look like they are coming from a familiar source. For example, a charity controller might receive a scam email using the name of a real employee that requests a change in their bank account number for their payroll deposits.
Heart of Giving Podcast
This week’s Heart of Giving Podcast features a discussion with Bennett Weiner, Executive Vice President & COO, BBB Wise Giving Alliance. Bennett provides advice about donating to disaster relief charities.
We are always working with charities to publish or update reports for donors. Visit Give.org or local BBBs to check out any charity before giving. Our recently evaluated charities include:
Finally, remember to let us know by going to give.org/charity-inquiry if you are interested in seeing a report on a charity not on the list and we will do our best to produce one.