
Cyber Security Vulnerabilities for NFPs

Cyber security has been a hot topic in many recent conversations. Are not-for-profit organizations at risk? If so, what should be done to address the risks? Not-for-profit organizations handle sensitive data every day, which makes them a prime target for an attacker. Reputation is everything to a not-for-profit organization, and a data breach or other cyber attack can destroy that reputation very quickly. Some of the top cyber security threats to an organization today are your employees, outdated software or patches, and poor decisions in password management.

Do your employees know how to tell if an email is from a legitimate source? Can they identify safe attachments and non-safe attachments? What if someone sends an email to one of your employees asking for private information, or pretends to be someone they are not? Proper training for your employees will help them identify possible threats that might be reaching out to make contact with your organization via email, chat and/or telephone.

Security Awareness Tips

Many data breaches are initiated when employees click on email links or attachments. Attackers are always adjusting their attack methods and are getting craftier. Emails often appear legitimate and may originate from email addresses that appear valid. Security awareness training for all employees, including board members, should be completed regularly. Below are a few red flags regarding emails noted by KnowBe4, a security awareness training and simulated phishing platform:

  • Is the email from someone you don’t ordinarily communicate with?
  • If the email is from someone within your organization, is it very unusual or out of character?
  • Is the email from the Executive Director/CEO encouraging you to pay an invoice quickly or wire transfer money to someone? Always confirm face to face/voice to voice.
  • Were you copied on an email sent to one or more people, but you don’t personally know the others?
  • Was the email sent to an unusual mix of people? For instance, it might be sent to a random group of people at your organization whose last names start with the same letter.
  • Is the sender asking you to click on a link or open an attachment to avoid a negative consequence?
  • Is the email out of the ordinary or does it have bad grammar or spelling errors?

Software patches and antivirus software are pivotal in the cyber security world, as they keep attackers from being able to inject code or processes into your computers or network remotely, or from sending your organization disks or files that do nefarious things like stealing sensitive information. Patches to operating systems and antivirus software are released to protect the computers on which they are applied, and it is important that they be applied regularly to ensure the maximum level of protection.

If you are unsure about an email, hover over any link or picture in it before clicking through to an external site. Often the address that appears will not look legitimate, and you can see that the link is trying to send you to a different, disreputable site. This should be your first indication that something is not right, and you should not click on the link.

Where are your passwords right now? If you lift up your keyboard, open your drawer, or even look in that notebook you keep stored next to the computer, would you find your password? Today’s threats aren’t always coming at you digitally. If someone can find the password to your computer or account, they have an easier way to get into your information. Password policies about storage and expiration are important to ensure that the sticky note under your keyboard isn’t the weakness that lets someone cause your organization unnecessary problems. If you are having trouble remembering multiple passwords, consider a software password manager such as Dashlane, 1Password, LastPass, Keeper, or a host of other options.

On that note, give thought to the physical location of your network or computer devices. If someone with the right skill level can gain physical access to your computer, they do not need the password. A laptop you keep in your car, or the desktop computer that you always sign into and that has your passwords saved, might be a prime target for someone who is looking for access to places they shouldn’t be.

Does your organization accept online payments or credit cards? Make sure your payment processor is compliant with all the requirements of a reputable payment processor. A less reputable processor might not protect your data or the data of your contributors in a way that prevents dishonest parties from skimming the numbers as they pass across a website or service. You may consider asking whether the processor has a SOC 1 or SOC 2 report, issued by a CPA, which describes and verifies the controls they have in place.

If you have questions or would like assistance addressing the risks for your organization, please feel free to contact Holly Fields, Thomas Skoog or your local Blue & Co. advisor.

 
