It’s Cybersecurity Awareness Month!

For the past 20 years, Congress has designated October as a time to highlight the importance of cybersecurity. While this reminder is for everyone, it’s especially critical for nonprofits, which often handle sensitive data like donor information and financial transactions. Cyberattacks can have devastating effects, compromising trust and damaging reputations, particularly for nonprofits that rely on donor goodwill. As such, organizations need to implement strong cybersecurity practices year-round.

For those working with a comprehensive fundraising platform like CharityEngine, much of the heavy lifting regarding data security—such as PCI and SOC 2 certification—is already handled. CharityEngine is vigilant about safeguarding financial and personal data, but nonprofits also have a role in protecting themselves from cyber threats. This is where Cybersecurity Awareness Month becomes particularly relevant. The Cybersecurity & Infrastructure Security Agency (CISA) has provided four key tips to help everyone "secure our world."

Four Tips to Stay Safe Online

Leave the PCI and SOC 2 certifications to us! When you’re sitting in your office or on your home computer, or even using a tablet or your phone to access data online, remember these four easy tips. Hopefully, they’re already part of your muscle memory. If they’re not, it’s probably the point of 20 years of designating a month to remind you!

Recognize and Report Phishing

Phishing remains one of the most common and effective methods for cybercriminals to gain unauthorized access to your data. According to a recent report, 83% of organizations experienced phishing attacks in 2022. Phishing attempts often come in emails containing harmful links or attachments. Once you click, criminals can steal personal information or infect your device, potentially compromising an entire network.

Even the most seasoned online surfers can fall victim to phishing attempts.

Since it’s not practical to ignore emails from unknown senders at work, it’s smart to make a rule that you’ll never click on links in an email you can’t trust. Look for the hallmarks of a bad email:

• Emails that threaten catastrophic results if you don’t respond immediately
• Requests for personal or financial information
• Shortened URLs
• Email addresses that don’t match the sending organization
• Common company names that are misspelled (or any misspellings)

Bear in mind that artificial intelligence doesn’t make the same mistakes humans make, so you’ll have to get savvy. In general, if you don’t know the person and recognize the email address, or you do know the person but the email looks weird, report it as spam (there will be an option in the email window) and delete the email.

Use Strong Passwords

Although we all know the importance of strong passwords, many still rely on weak or reused passwords across multiple accounts. In fact, a 2021 study found that 61% of data breaches involved stolen or weak credentials.

Many of us have a favorite password and use it, or a variation of it, on many of our accounts…

…which is a hacker’s dream. Asking Google to remember your passwords isn’t the safest idea, either.

Instead, develop a passphrase of unrelated words or a long string of numbers, letters, and symbols. Make them long and strange and hard to guess.

And don’t worry that "hard to guess" means "hard to remember." Use an online password keeper. There are many choices, and most have free plans.

Turn on Multifactor Authentication

Multifactor Authentication (MFA) adds an extra layer of security by requiring two forms of verification before granting access to an account. According to Microsoft, enabling MFA blocks 99.9% of automated attacks.

Setting up MFA is easier than ever, and most platforms and apps support this feature. However, you’ll have to prove you’re you twice before you can log into an account.

• Go to settings on your device.
• Look for two-factor or two-step authentication.
• Choose how you want to confirm your identity, such as by getting a text code.

The next time you log in, you’ll be prompted to enter the code or otherwise verify your identity before you can log in. This ensures that a stolen password alone won’t give a bad actor access to your information.

Don’t Skip Software Updates

Keeping your software updated is one of the simplest yet most effective ways to protect against cyber threats. Software updates often include security patches for vulnerabilities that hackers can exploit. According to research, 60% of breaches could have been prevented by keeping software current. To avoid becoming a target:

• Set your devices to automatically update software during off-peak hours, ensuring security without disrupting your workflow.
• Remember that the release of a software update often signals known vulnerabilities, so it’s crucial to install updates promptly. Hackers are interested in red flags announcing vulnerabilities, and they hope many will delay the crucial updates that will patch them.

Teamwork Keeps Nonprofit Data Safe

Cybersecurity is more critical than ever, and nonprofits, in particular, need to stay vigilant. With donor data and sensitive financial information at stake, implementing simple strategies like recognizing phishing, using strong passwords, enabling multifactor authentication, and regularly updating software can drastically reduce the risk of a cyberattack.

Your nonprofit CRM partner must play a significant role in keeping donor and financial data safe. If you use a third-party payment processor, research their track record and history of data breaches. When you have confidence in your partner to do their part and confidence your team is following the best-practices advice outlined above, you’re doing an excellent job of proactively protecting your nonprofit.

Safeguarding your information ensures continued donor trust and success in your mission. Cybersecurity Awareness Month is an excellent reminder, but these practices should be part of all our routines year-round.