December is a giving time of year, and not-for-profit organizations may be on the receiving end of some financial gifts. Individuals and businesses have strong tax incentives to make charitable contributions before the calendar year wraps up, and as a result, donations may be flooding in.
As taxpayers make the last push on their checkbooks, not-for-profit organizations should be on the lookout for potential risks that could be facing their contributions. If your organization falls victim to a cyber-attack, it can make donors feel as if the organization did not value them enough to enforce proper safeguards to protect their personal information.
Even small not-for-profit organizations have been shown to be vulnerable to hackers. In February 2017, a not-for-profit organization in Muncie, Ind. fell victim to a phishing email. It had all its data stolen from a server and held for ransom.
Cybersecurity and Donations
Cyber criminals are on the hunt for personally identifiable information. Hackers have many ways of attempting to access personally sensitive information, including sending phishing emails to employees, masquerading as charitable organizations or finding vulnerabilities in software updates that may provide access points into servers and other sensitive information. Once sensitive information is obtained, it often ends up on the Dark Web where it is sold to users looking for personally identifiable information that can be used to make online orders of merchandise or other illicit purchases.
Organizations can help their donors navigate their cyber risks by providing awareness to their donors about how to use online donation tools. Not-for-profit organizations may also want to consider limiting or avoiding altogether the use of electronic donation requests. Email phishing remains a top risk for individuals, and cyber criminals may be sending out similar electronic requests for donations in an effort to trick users into divulging financial information.
Monitoring the Dark Web
Organizations that receive online donations or transmit sensitive data through online portals may want to get familiar with Dark Web activities and trends. The Dark Web functions similarly to what we know of as the web, but the Dark Web can only be accessed through specific software and browsers, such as Tor.
The technology involved in getting to the Dark Web and the difficulty in tracking activity on the Dark Web make it a popular haven for cybercriminals. It also becomes a place where cybercriminals sell hacking guides or tools to assist with data breaches. These guides and leaks often show up in real-world data breaches. The WannaCry incident came from National Security Administration data that was leaked to the Dark Web in early 2017.
If organizations have a sense of what hacking or system vulnerability may be out there, they may be able to better protect themselves from emerging threats. Keeping up-to-date on security and software patches is essential. All organizations should also have their personnel kept up-to-date on trends affecting cybersecurity.
Not-for-profit organizations conducting online activities or taking donations online should be vigilant in monitoring network activity. Suspicious activity should be reported and isolated immediately to minimize the potential for damage.
The holiday season is no time to let your guard down when it comes to cyber risks. Not-for-profit organizations that are in tune with cyber-attack trends and best practices in cybersecurity may be able to avoid the season’s greatest risks. For more information about how you can enhance your cybersecurity methods, please contact us.
Ray Gandy is a Director and Leader of the IT Risk and Security Practice in New England. He can be reached at firstname.lastname@example.org or 617.671.0722.
Copyright © 2017 CBIZ & MHM (Mayer Hoffman McCann P.C.). All rights reserved.