Running Internet servers for a Non-profit or NGO can be challenging. Often times, nonprofits have limited resources available so Information Security, although an important factor, gets overlooked.
With the recent news reports of internet hacking taking place on the home page of the California Attorney General’s Office and the Bay Area Rapid Transit (BART) system, local nonprofits should really evaluate their own systems for security threats.
It wasn’t clear who was responsible for hijacking the attorney general’s home page but the hacker-activist group, Anonymous, did accept responsibility for BART and threatened to attack the website of the Fullerton Police Department because of the use of force by officers from that agency; Fullerton officers are under investigation in connection with the death of mentally ill transient Kelly Thomas.
Client data, credit card systems and confidential communications are only a few of the reasons why secure servers are an essential part of an organization’s computer system. Below is an article about cyber security for nonprofits written by Joseph Steinberg, a cyber security expert and the C.E.O. of Green Armor Solutions, a leading provider of information security software.
Non-profits, like most modern organizations, handle significant amounts of sensitive information – which often resides in electronic form on Internet-connected computers and networks. Donor details, information about programs run and people receiving aid, employee and payroll records, and many other forms of data are all of significant value to criminals.
Hackers know that non-profits often don’t have the resources to invest in expensive security systems, and that computer systems in use may be several years old and designed before non-profits were being targeted with digital attacks. Cyber-thieves understand, therefore, that such systems often contain vulnerabilities and lack cyber-defenses, making them easier to hack than many systems in the commercial sector.
The consequences of compromised security may not be small. Bad press, the breach of confidentiality and embarrassment emanating from the leakage of data about people being helped by the non-profit, fines from credit card companies for failure to confirm to security requirements, or donors suffering the anguish of identity theft and blaming an organization’s negligence can be catastrophic.
So what can a nonprofit do to ensure that it remains cyber-secure? Steinberg provides eight high-level suggestions that will get nonprofits headed down the right path to security.