Do you think non-profit organisations are safe from cyber attacks? Don’t believe that defence breaches and hacking can be a threat to your charity? The truth is that NGOs are among the top targets for hackers, as they often store large amounts of sensitive personal and financial data without having properly secured their systems from outside threats.
In this article, we will explain:
- why cyber security must be a top priority for charities,
- the importance of developing a holistic security strategy,
- and the best practices to keep your data, privacy and payments safe.
Why should you care about cyber security?
We all know FUNDRAISING IS ABOUT TRUST. If your donors' personal data are lost, or stolen and used by a third party, that trust will be broken. They may never again make a donation to your organisation, or to any other for that matter. It will consequently hurt your cause, fundraising efforts, and overall image.
An organisation must constantly nurture its donor relationships, and protecting its donors’ sensitive information requires time, specialised skills, and substantial and continuous investment.
Since almost 80% of funding for not-for-profit organisations comes from individual donors, it is essential to create an environment of trust for them.
Keeping this in mind, here is a list of recommendations you should be putting into practice now:
- Devote at least 5% of your annual IT budget to network security in order to make sure you have the appropriate resources. Security is an investment, but one that is far cheaper than the cost of a breach.
- Invest time in training your staff. Organise a workshop every six months where you review your team's level of knowledge. Discuss things like passwords, firewalls, malware, downloads, the use of add-ons, and USB keys and other external storage devices.
During this workshop you can also share the latest threats, discuss best practices and procedures to follow when a threat is identified, and give your team the opportunity for specific Q&A. Remember: most security issues come from human mistakes.
- Control, monitor and update who has access to what data, and make sure each individual has their own personal login and does not share it with anyone else. This includes employees, but also different collaborators and third parties such as consultants or former employees who might have a temporary login.
It’s important to restrict access only to what’s necessary, and remember to deactivate it when the job is complete. Updating passwords every few months, or when someone loses their electronic device or has the feeling their password may have been compromised, is also an obvious point to keep in mind. If you’re not able to monitor this, it will be much more challenging to identify the actions and damage done by an ill-intentioned user.
- Set up a strong password policy with multi-factor authentication.
- Make sure all computers and phones have a password lock that is automatically enabled after 5 minutes of being idle.
- Check as frequently as possible that your IT environment has been updated to the latest LTS (long-term support) version.
- Install, enable, and update anti-virus and anti-malware software on every employee's computer.
- Audit your IT environment through external & professional experts like Yes We Hack, the leading bug bounty company in Europe.
- Use a VPN (Virtual Private Network) to make sure your connection inside or outside your office is secure, encrypted and hidden.
- Restrict your IT environment so that it is only accessible from a dedicated IP address (the IP address of your VPN); this will significantly reduce vulnerability to attacks.
- Set up an adequate insurance policy with the appropriate coverage to make sure you can get the support needed.
Security is an ongoing and never-ending task. It is advisable to outsource to professional suppliers and solutions that provide a highly secure environment to process payments and information. It is indeed safer and easier to be supported by a specialist who works hard on cyber security rather than creating everything from scratch.
With over 750 clients in 18 countries, iRaiser has helped charities raise over 2 billion euros since its creation in 2012, always complying with three truths: relationship, trust and security. After numerous external security audits, we provide all the key elements and services that help build strong and long-lasting donor relationships, with data protection, privacy and security at the heart of our technology.
We invest continuously in cyber security, following best practices to prevent attacks and create a secure environment for our clients, by:
- Being fully GDPR compliant. With opt-in consent options, an editable privacy policy section, and exclusive hosting in Europe, we offer user-friendly fundraising solutions to meet those needs.
- Taking particular care in respecting the laws of all the markets we work in, especially those that concern the protection of personal data.
- And ensuring that our clients are the exclusive owners of the data collected by our different solutions.
Every year, through Yes We Hack, the leading bug bounty company in Europe, we test our solution for security vulnerabilities and assess the efficiency of our cyber security system.
Thanks to our constant investment in this area, we have been able to prevent numerous security breaches, even though we are constantly faced with attempted cyber attacks or fraud on our online fundraising solutions.
For example, during the fundraising campaigns for Notre-Dame de Paris we saw up to fifteen thousand connections per second and faced more than a hundred attempted computer attacks in a week.
We are constantly working on improving and updating our security systems in order to provide the most secure fundraising platform for our clients and the safest environment for their donors.
By taking these best practices into account and understanding the importance of investing time and resources in cyber security, your organisation will pave a strong and durable path towards a fruitful future.
Putting these lessons into practice and making them part of your charity's DNA is essential. If you don’t have the knowledge or resources to form an IT team of your own, you can choose a reputable and trustworthy supplier to provide this service for you. It will save you time and money and make your life a whole lot easier.
Because in the end, preserving your donors’ trust and establishing long-term relationships will not only benefit your fundraising and the cause you are fighting for, but are also the basis for your charity's survival.
Would you like to find out more about the benefits of a secure online donation platform? Read iRaiser's article: online fundraising platforms: a smart & necessary investment.