Wise Giving Wednesday: Cybersecurity for Charities
Cybersecurity is a growing issue of concern for charities as they are not immune to the same type of challenges faced by businesses. We thought it would be helpful to identify some basic steps that organizations of all sizes can take to better protect themselves. Of course, this is just a start and charities should seek out additional guidance to further strengthen their online security measures.
- Backup Data. Charities should make sure they periodically backup all their data. The more frequent the backup, the better protected the charity will be from threats such as ransomware attacks.
- Protect Against Malware. Charities can subscribe to a malware and virus protection service that automatically updates security for all the laptops and computers used by the charity. This will help prevent inappropriate and malicious programs from being accidentally downloaded.
- Secure Staff Devices. During these pandemic times, many charity employees are continuing to work from home. One way of reducing risk security breaches is to make sure all staff are using laptops and other devices supplied by the organization as opposed to their own personal computers. Home-use devices might already be infected or may have a higher risk of accidental exposure when a staff member is using the same machine for personal needs. It is safest to have a work-only device being used by charity staff.
- Establish Strong Password Procedures. Encourage staff to create more secure passwords for computers and programs used for work. In addition, charities might establish staff policies to require periodic password changes to help ensure greater protection over time. This may be more of a challenge as understandably it can be inconvenient and annoying to change passwords one uses on a daily basis. For a tighter security option, charities might also consider a two-step verification process, for accessing their programs and/or data. This adds an additional layer of protection.
- Alert Staff About Security Risks. Another valuable measure is to remind staff to be alert to suspicious emails and other communications that include links and/or attachments. These are some of the most common ways of unleashing a virus, malware and/or enticing someone into a phishing circumstance where they share personal or charity data. This area is becoming more difficult to guard against since some malicious messages may look like they are coming from a familiar source. Sometimes there are clues such as misspellings in the message and/or the sender having an odd address.
For additional tips and advice, listen to the Heart of Giving Podcast featuring Matthew Eshleman, Chief Technology Officer of Community IT with offers IT support services for nonprofits. Also, review these cybersecurity resources available on bbb.org.
Video of the Week
In addition to the Heart of Giving Podcast, Matthew Eshleman joined us for a Coffee with Colleagues event to discuss the current state of cybersecurity and how charities can best protect themselves.
Heart of Giving Podcast
In this week’s Heart of Giving Podcast, our guest Hannah Allen talks about the significant work she is doing as the Chief Program Officer of the E3 Alliance which is a collaborative of businesses, government, and nonprofits all working together to eradicate sex trafficking in San Diego.
We are always working with charities to publish or update reports for donors. Visit Give.org or local BBBs to check out any charity before giving. Our recently evaluated charities include:
Finally, remember to let us know by going to give.org/charity-inquiry if you are interested in seeing a report on a charity not on the list and we will do our best to produce one.
H. Art Taylor, President & CEO
BBB Wise Giving Alliance