How to know if your organization has been hacked and what to do if you have
As a nonprofit, you have a mission, and that's usually a contribution or benefit to society, people, the environment, animals, or some other cause.
Whatever it is, you provide a service without the reward of big profits. You're humble.
What you make is funneled back into programs, staff, and projects. So, you're safe from hacking, right? Who would want to hack an organization that doesn't have much money or large databases of unknown personal and private information?
It's simple: People want to hack your organization because you're an easy target.
Hacking is a serious problem for nonprofits. When a hacker attacks, it's not just the nonprofit's information that they want, but donors' information. If a hacker is successful and obtains donor information along with anything and everything else, there can be several consequences.
These consequences are serious no matter how large or small a nonprofit is. Its reputation is at stake, and in today's environment, that means almost everything to the survival of a nonprofit.
Your organization can be attacked from many fronts. The following are some things to consider, and if anything looks suspicious, you should take immediate action.
You'll know your server has been hacked if you receive ransom messages, fake antivirus messages, unwanted browser toolbars, redirections of Internet searches, or frequent random pop-ups. Other signs include passwords not working, unexpected software installations, disabled anti-malware software, webcam light flickering, or automatic movement of the mouse.
Your browser may be the first to alert you to an attack. If it identifies one, you may see a red screen with warnings or other disclosures that indicate that something is obviously wrong. Other indications include
You can check your Facebook under Settings to determine if you have been hacked. Choose Security and Login and then Where You're Logged In. A list of devices that you've logged in to and their locations will appear. If there is a login you do not recognize, you may have been hacked. Other signs to look out for are
Of course, other social media can be hacked, but Facebook will likely have the most information on you and your followers, depending on how you interact with followers.
There are specific actions you must take if you realize that you've been hacked.
There are several things an organization can do to safeguard against hacks. Prevention is threefold: (1) customer databases, (2) policies, and (3) protection.
1. Mitigate Your Potential Loss in Donor and Partner Databases
Limit the amount of customer information maintained and store it with backups. Make it a practice to purge donor or partner information once the data is no longer relevant or necessary.
2. Raise Internal Awareness and Set Up Training and Policies
All nonprofits should have ongoing awareness-raising mechanisms on basic security for their network and computer systems, and specific policies on data security. Employees and volunteers should be able to identify suspicious activity and know what to do if suspicious activity is experienced. Passwords should be changed on a regular basis.
Employees and volunteers should also be prevented from using external devices on nonprofit computers. For example, USB drives are an avenue for malware to be transferred from one computer to another.
3. Protect Your Organization
You must always use encryption software, firewall protections, and cybersecurity software that hunts for viruses and malware. You may also want to consider cyberinsurance. Always ensure that software is updated on a regular basis.
Schedule an IT security consultation. IT security consultants are your best line of protection. An IT security consultant can review your system and policies and can provide an unbiased professional analysis of what policies and procedures must be implemented.
Additionally, IT security consultants can be more practical for a nonprofit that can't afford either an IT team or a security breach. An IT security consultant can ultimately initiate workforce performance and productivity improvements. With an IT security consultation, you get more than just protection; you also gain an understanding of your organization's vulnerabilities and a holistic approach to mitigate risks.
Originally published as "Nonprofits Beware: You Can Get Hacked Too" with the Creative Commons Attribution 4.0 International license.