Estimated reading time: 3 minutes, 0 seconds

Don’t Let Cyber Hygiene Become an Afterthought Featured

"Bathroom sink" "Bathroom sink"

The beginning of a new year (and new decade) is a time for us all to evaluate our habits, whether good or bad, especially in the workplace. As we leave behind the holiday season and approach tax season, we can’t let good cyber hygiene become an afterthought. Cybercriminals know most organizations cannot afford disruption during the year’s peak donating season, and their targeting of organizations at this time is a deliberate ploy to extort as much as they can.

Cyber Monday 2019, for example, saw a 58% increase in encrypted attacks on the previous year alone, according to SonicWall Capture Labs threat researchers. Their team further recorded a double-digit malware spike (63%) in the U.S. between the eight-day holiday shopping window from Nov. 25 to Dec. 2. As the numbers show, access to data is a valuable bargaining chip for extortion — one cybercriminals use with abandon.

When attacks like these happen to household brand names like Adidas, or national institutions like the NHS, smaller businesses fall into the trap of thinking that cyberattackers exclusively target large organizations.

But small- to medium-size businesses (SMBs) and smaller philanthropic organizations are not immune. In fact, cyberattackers often focus their attention on smaller businesses because they are more likely to have low levels of sophistication in network security and even smaller IT budgets dedicated to cybersecurity. Case in point: in the past 12 months, 66% of SMBs experienced some kind of cyberattack resulting in average net losses of up to $2.5 million because of disruption to normal services.

That’s why it is imperative for nonprofits to ensure their security posture is as robust as possible from the outset. Here are some easy-to-implement and cost-effective practices that all organizations should consider for their cybersecurity strategies in 2020.

What can nonprofits and philanthropic organizations do?

Make sure the websites you use are using SSL or TLS encryption

SSL and TLS encryption protects organizations’ and donors’ data as it is transmitted online. A site is encrypted if the URL begins with “https:” instead of “http:”, and your browser displays a padlock icon. Encryption is the absolute minimum of security for online businesses, but a critical added layer for businesses that can budget for more sophisticated security measures.

Beware of email links & attachments

Phishing schemes tend to rise dramatically during the last quarter of the year. In addition to email, cybercriminals may try to phish businesses through banking websites. Phishing messages may ask you to “confirm” your account or purchase information by clicking on a link, or they may send “receipts,” “shipping notices,” or “coupons” as attachments.

Your best defense is to never click on any unsolicited links or attachments. Instead, type the URL into your browser manually and log in that way. A cost-effective way to ensure employees and volunteers are updated on the latest security best practices is to have a security expert conduct an afternoon training at your offices or simply print and laminate a list of key tips.

Use a password manager for your organization

Your organization’s passwords are what stand between you and cybercriminals accessing your (and your loyal donors’) information. Don’t depend on spreadsheets or sticky notes, and never use the same password for all of your logins. A robust password manager allows you to secure all of your accounts with strong, unique passwords and reminds you when you need to update them

Don’t let cyber criminals get the most out of the season of giving. Follow these basic guidelines throughout the year to prevent unauthorized access to your organization’s most valuable asset:  your data.


Bill Conner, CEO, SonicWall

Read 2186 times
Rate this item
(0 votes)

Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.