Four Simple Steps to Improve Cyberhygiene at Your Nonprofit
Estimated Reading Time: 3 minutes
By Rachel Sams
Lead Consultant and Editor
Many nonprofits possess huge amounts of valuable data. Plenty of hackers would love to get their hands on the personal data of your employees and the individuals your organization serves, as well as confidential information pertinent to your operations.
Over time, your organization will likely experience countless hack attempts. As we look ahead to National Cybersecurity Awareness Month in October, this article offers a cyberhygiene refresher inspired by guidance from the Cybersecurity and Infrastructure Agency and the National Cybersecurity Alliance. Take some time this month to nail down these cybersecurity basics. While a data privacy breach can happen to even the best-protected organization, these steps will help your nonprofit become a less vulnerable target.
Recognize phishing and report it.
“Phishing,” a type of social engineering, uses email and, often, the names of trusted individuals to seek personal information. Nonprofits and all types of businesses face phishing frequently. If you’ve ever received an email that looks like it’s from your boss urgently asking you to click a link, you’ve experienced a phishing attempt. Provide employees with regular training and reminders on how to recognize phishing. Watch out for suspicious sender addresses, generic greetings, and urgent requests to open or download an attachment. Never click on a link or attachment in such emails, and never provide personal or organizational information unless you’re sure a request is legitimate. If a communication from someone whose name you recognize looks off, call them to ask if they really sent the message. Forward any suspected instances of phishing to the person who handles technology for your organization so they can warn others.
Enable multifactor authentication.
Multifactor authentication provides an extra layer of security for your organization’s accounts. At its most basic, multifactor authentication requires additional information beyond a login and password to access organizational systems—for example, a code sent to your cell phone. Multifactor authentication creates additional hurdles for outside actors to break into a system; they’d need not only your login and password, but also the authentication code.
Organizations need to consider and address the potential for bias in multifactor authentication. Such concerns have led some nonprofits to avoid authentication options that involve facial recognition. Of the major biometric authentication methods in use, facial recognition is the least accurate, raises extensive privacy concerns, and current implementation of the technology “involves significant racial bias, particularly against Black Americans,” according to Harvard.
Mandate strong passwords.
Require all passwords for organizational software to be at least 12 characters long. A strong password should include both uppercase and lowercase letters, numbers, and symbols. Do not use a word that can be found in the dictionary in any language. Do not allow employees to use passwords similar to their previous ones. Don’t reuse passwords for multiple sites. Encourage employees to use a password manager.
Update software, firewalls, and email filters regularly.
I know—it seems like those update messages pop up every day. Before I wrote this article, I’d clicked the X to postpone a software update every day for weeks. But taking a few minutes for updates can save hours, days, or weeks of headaches down the road. Software updates can patch vulnerabilities hackers could use to get into a product. They also help protect the personal information on your device.
These simple practices can help your organization become cyberwise and keep employee, client, and your organization’s information secure. They may require members of your team to build new habits and routines. Resolve to take some time during National Cybersecurity Awareness Month to do that. I finally did that software update, which took about 20 minutes. Join me by doing the same!
Rachel Sams is a Consultant and Staff Writer at the Nonprofit Risk Management Center. She’d love to know how your organization keeps basic cybersecurity top of mind. Reach her at 703.777.3504 or rachel@nonprofitrisk.org.
“First let me congratulate you on a conference well done. I had a great time at the Nonprofit Employee Benefits Conference and walked away with some valuable tools and questions that we’ll need to be addressing in both the short and long term. Thanks to you and your staff for all you do to provide us with quality resources in support of our missions.”
— Scott Brown, Mohonk Preserve
“BBYO’s engagement of NRMC to conduct a risk assessment was one of the most valuable processes undertaken over the past five years. Numerous programmatic and procedural changes were recommended and have since been implemented. Additionally, dozens (literally) of insurance coverage gaps were identified that would never have been without the work of NRMC. This assessment led to a broker bidding process that resulted in BBYO’s selection of a new broker that we have been extremely satisfied with. I unconditionally recommend the Center for their consultative services.
— Sidney Abrams, BBYO
“Melanie Herman has provided expert, insightful, timely and well resourced information to our Executive Team and Board of Directors. Our corporation recently experienced massive growth through merger and the Board has been working to better integrate their expanded set of roles and responsibilities. Melanie presented at our Annual Board of Director’s Retreat and captured the interest of our Board members. As a result of her excellent presentation the Board has engaged in focused review which is having immediate effects on governance.”
— Pamela Mattel, Basics Promesa Systems Inc
“The Nonprofit Risk Management Center has been an outstanding partner for us. They are attentive to our needs, and work hard to successfully meet our requests for information. Being an Affiliate member gave us access to so many time- and money-saving resources that it easily paid for itself! Nonprofit Risk Management Center is truly a valued partner of The Community Foundation of Elkhart County and we are continuously able to optimize staff time with the support given by their team.”
— Jodi Spataro, Community Foundation of Elkhart County
“The board and staff of the Prince George’s Child Resource Center are extremely pleased with the results of the risk assessment conducted by the Nonprofit Risk Management Center. A thorough scan revealed that while we are a well run organization, we had risks that we never imagined. We are grateful to know that we have now minimized our organizational risks and we recommend the Center to other nonprofits.”
— Marti Worshtil, Prince George’s Child Resource Center
Great American Insurance Group’s Specialty Human Services is committed to protecting those who improve your communities. The NRMC team has committed to delivering dynamic risk management solutions tailored to nonprofit organizations. These organizations have many and varied risk issues, hence the need for specialized coverage and expert knowledge for their protection. We’ve had Melanie speak on several occasions to employees and our agents. She is always on point and delivers such great value. Thank you for the terrific partnership and allowing our nonprofits to focus on their mission!