Combatting Cyber Attacks: Protect Your Nonprofit Organization’s Data

Jan 23, 2020

At NFP Partners, we are proud to partner with Onset Solutions, an IT management and support services group. They offer businesses and nonprofits support and tools to ensure protection from cyber-attacks. Since all of us consultants at NFP Partners live on the internet, we felt it was an important step in keeping our information, and our client’s information, safe. So, in 2019, we took the necessary steps to partner with them.

The VP of Business Development for Onset Solutions, Hilary Taylor, wrote this blog article a couple of years back. Now that we are in 2020, we think it’s worth re-visiting. In the updated article below, Hilary Taylor provides insightful reminders on how to protect your organization’s data.

You walk into work one day, take a sip of your coffee and log in to your computer. Everything looks different. Your e-mail isn’t there and all of the data on your server has disappeared. Your client files, donor information, accounting documents – vanished. Even your logo has gone missing.

What happens next? Someone will reach out and demand a ransom, typically tens of thousands of dollars. And the longer you wait, the higher the cost escalates. You can pay the ransom, crossing your fingers that your data is released. Or, you can move forward with only what you have on hand.

In either case, donor and client information has been exposed to a dangerous third party with malicious motives. A situation like this can severely impact the reputation of your organization. This isn’t something you’d want to see on the front-page news.

The good news is that there are easy steps you can take to protect your organization from this and many other cybersecurity attacks.

Here are four things you can do today to increase the safety of your nonprofit’s data.

1.    Update Antivirus Software

Antivirus programs are designed to isolate any malware that is found on your network, including ransomware. All devices should have a current, updated, and reputable antivirus program on them. There are a lot of options on the market, so aim to find a balance between cost, user experience and effectiveness.

While there are discounted offerings through TechSoup, in our experience it might be worthwhile to invest in a more expensive product that is less invasive to users so they aren’t tempted to bypass the protection. Your antivirus product selection should be reviewed annually, looking for a solution that has high detection rates and low false positives.

2.    Have a Comprehensive Backup Solution

Make sure your organization has at least two backup strategies in place to keep important files safe. One should be a hard drive that is offline and off-site as well as a cloud solution that backs-up daily. The goal is to be able to quickly and easily get your office running again if faced with a worst-case scenario.

Ideally, you will have three or more off-line backups that you rotate through weekly as sometimes a virus will “hide out” on your network for a period of time before attacking. Copying your data onto an external hard drive and taking it off-site will provide an easy and fast way to restore the core of your data, whether you are hit with a ransomware attack, hardware malfunction or building fire.

When it comes to a cloud solution, pick something that is easy on your staff so it gets used. Some products, including Office 365, G-Suite and Dropbox, have nonprofit-specific offerings that are heavily discounted or free to 501c3s.

3.    Educate Your Users

Your employees and volunteers are the best defense for your network. Make sure they are trained on what they should avoid doing while connected to the internet.

You can incorporate tips into staff meetings, send a monthly e-mail or create a unique strategy that fits within the culture of your office. End-user best practice discussions are a crucial part of any cybersecurity plan.

In addition, it is always wise to give your users the least amount of permissions necessary to do their job. Preventing staff from installing a program might cause an occasional inconvenience, but it will prevent a virus or other malware from accessing your network.

4.    Strong Network Security

Have strong network perimeter security to prevent unwanted traffic from the internet infiltrating your network. This includes properly configured firewalls on local network servers and controls on remote access.

An off-the-shelf solution might promise strong security, but can prove unreliable, especially when not well maintained. This is complex technology and we highly recommend working with an experienced information technology professional, whether on staff or outsourced, to ensure your bases are covered.

Taking these steps won’t protect your network from everything. Instead, consider this the first part of a larger plan.

Ideally, every nonprofit should develop and enforce a comprehensive Network Security Policy. Investing time to create a thorough cybersecurity strategy is well worth the effort because it isn’t a question of if you will be attacked but when.

Hilary Taylor, VP of Business Development for Onset Solutions