As malicious attacks continue to grow, it is imperative that nonprofit organizations of all sizes take the necessary steps to bolster their cybersecurity practices.  Nonprofit networks host a treasure trove of sensitive and valuable information, making them an attractive target for hackers.  Limited budgets and small IT staffs make it difficult for many of these organizations to adequately secure their networks and protect their clients’ and donors’ information.  However, there are a few areas organizations can focus on as their overall cybersecurity policies and practices continue to evolve.

At the core of all cybersecurity policies is training.  Employee cybersecurity awareness training plays a critical role in protecting an organization from malicious threats.  Empowering users with the skills they need to identify, react to, and report the different forms of phishing emails, scams, and social engineering attacks directly reduces a hacker’s chances of success.  In addition to structured and recurring training, all employees need to be aware of their organization’s internal reporting procedures so they can effectively react in case of an incident.  When executed properly, a solid training program can transform employees from an organization’s greatest security vulnerability into its greatest defense asset.

Another focus area for nonprofits is controlling access to the network and its resources.  The first line of defense is a strong password policy.  Password complexity requirements, minimum reset timeframes, and settings to prevent the reuse of old passwords should all be part of this policy.  Organizations should also consider using strong passphrases with increased minimum character requirements.  Passphrases are easier to remember, but are harder to crack due to their increased length.  Additionally, all organizations should strongly consider implementing multi-factor authentication as part of their login process.  There are many applications available that integrate easily with existing technology, and dramatically improve an organization’s security posture.  Removing access to the network when employees or volunteers leave the organization is just as important.  Implementing a thorough off-boarding process will ensure prior employees no longer have access to critical information, and that their accounts are not left open for hackers to exploit.

Creating a software application inventory and ensuring updates and security patches are applied regularly is another way nonprofits can help safeguard their networks from malicious attacks.  Hackers are continuously looking for software vulnerabilities to exploit and wreak havoc on a network.  Understanding what programs are installed on the network and when they are no longer supported can help reduce the risks associated with unauthorized and outdated software.  It is very difficult to secure and manage a network without knowing what programs are installed.  Additionally, nonprofits running Windows 7 without Extended Security Updates need to be aware of the risks associated with continuing to use an outdated operating system and should plan to upgrade to Windows 10 as soon as possible.

For more information on safeguarding your network, please perform an Internet search for the State of Nonprofit Cybersecurity 2018 report from NTEN (Nonprofit Technology Enterprise Network) and Microsoft’s Nonprofit Guidelines for Cybersecurity and Privacy.