As the year draws to a close, should cybersecurity be forgotten and never brought to mind? Of course not! Cybersecurity is a year-round commitment for nonprofits and is crucial throughout the holidays and the new year.
Nonprofits can be a target for cyberattacks, and with an influx of donations, the year-end holiday season is an active time for cybercriminals targeting access to financial data. Nonprofits store sensitive personal information that is protected by law as confidential. If your organization falls victim to a cyberattack, it not only endangers personal data, but your organization can also be liable for the breach.
Cybercriminals target employees across all businesses. According to Verizon’s 2023 Data Breach Investigations Report, 74% of breaches were caused by human error, with phishing and text message phishing scams being some of the leading causes. The report also identifies the three primary ways in which attackers access an organization: stolen credentials, phishing, and exploitation of vulnerabilities.
So, what can you do to ensure you have sound financial cybersecurity practices? Consider these year-round cybersecurity resolutions.
Resolution #1: Conduct a risk assessment
Start by taking inventory of all the data your nonprofit collects and identify where it is stored. The Council of Nonprofits recommends the Nonprofit Technology Network’s risk assessment template. The template helps your organization understand what sort of confidential data it handles, who handles it, and what your organization does after receiving it. This risk assessment should identify areas your nonprofit can focus on to secure its data.
Resolution #2: Back up your data
The U.S. Cybersecurity and Infrastructure Security Agency recommends nonprofits maintain encrypted backups of critical data, including financials, and regularly test the availability and integrity of backups in case of disaster.
Cloud-based software takes the guessing game out of backups, and cloud environments have layers of security to keep your organization safe.
Leading cloud vendors operate with cloud providers like Microsoft Azure or Amazon Web Services. These providers have fully established operational standards and adequate cybersecurity governance, with multiple redundancies built in that a vendor can take advantage of.
Cloud software automatically backs up and secures your organization’s data across multiple servers. These essential measures keep an organization’s data safe and create a disaster-proof cloud environment. If something happens to your physical office, your data is secure in the cloud and can be accessed wherever you have an internet connection.
Resolution #3: Create, maintain, and train
With human error responsible for most cyberattacks, your nonprofit must develop a cybersecurity training program and have employees follow it.
Nonprofit IT teams can lead discussions about cybersecurity with employees, including management and IT staff. Several training programs are available that explore different cyberattack situations and even test employees with common phishing scenarios.
Ensure your employees are mindful of the sites they use at work and the links they click, and are careful when receiving communications from unknown parties.
Phishing scams where cybercriminals pose as members of an organization continue to rise in popularity. Employees should never give their password to anyone over the web and always double-check in person if a request seems unusual or suspicious.
Resolution #4: Rely on cloud security and internal controls
While everyone in your organization is responsible for cybersecurity, your technology and your vendor partners play just as crucial a role. Your technology is your first line of defense against cyberattacks. In addition to being hosted on an established provider, your technology should use multi-factor authentication (MFA), which adds the needed security layers.
MFA makes a system more robust by taking a layered approach to verifying a user’s identity. Users must provide a login token from an authenticator app before the system allows them in. MFA gives your organization peace of mind by adding another step that deters unauthorized users from accessing your information.
Resolution #5: Set internal controls for financial data
It’s crucial that internal controls protect your financial information. Internal controls allow your organization to segregate duties and limit who can access financial information, which helps prevent fraud. Having a hierarchy of command ensures no one person has unchecked access to nonprofit finances. Accounting technology makes it easy to implement these controls and often includes an audit trail that logs changes, including when they were made, who made them, and the workstation where they were made.
As we prepare to take the next steps into 2024, these new year cybersecurity resolutions will keep your nonprofit safe and secure.
Neil Taurins is the General Manager of Nonprofit Solutions at MIP Fund Accounting®. He has been with the company for more than 12 years and is passionate about working with nonprofits to provide them with solutions to improve efficiency and better help them accomplish their mission.