By ACN member Gregory Perrine

The number of cyber attacks has risen dramatically since the pandemic began. Remote workers, unaware of threats to digital security, have inadvertently cost their employers millions. While businesses are the most frequent targets, nonprofits are also at risk. Consider all of the sensitive data your organization stores or accesses electronically, including payroll information, that might be attractive to cyber thieves. Below are a few simple practices that can significantly lower your risk.

Establish a Password Management Plan

Most of us know that we ought to be creating long, strong, unique passwords for our online accounts and updating them frequently. But let’s be honest, we are all guilty of using the same passwords for multiple accounts, and for far longer than we should.

To keep your data safe, send out reminders to your employees every three months to change the password they use to log on to your network. But recommend that they make it easier by using a free password manager such as LastPass. Password managers store hard-to-remember passwords securely and have built-in generators to create ones that are hard for the bad guys to guess.

Prevent Social Engineering Attacks

Most of us are aware that scammers “phish” for personal information with emails that appear to be from companies like Chase Bank, PayPal, and Amazon, or a friend or business associate. But as scammers come up with increasingly ingenious ploys, it’s easy to get caught off guard. We have a few tips to ensure you are catching common phishing scams:

1. Look at the actual email address, and not the display name. Oftentimes, a scammer can spoof an executive’s name based on what is publicly available online.
2. Check the tone and grammar of the email and ask yourself, “Does this sound like something the sender would say?”
3. If there is hyper-linked text, copy the link address and paste it into a new browser window to ensure it is linked to the correct URL.

Make sure your nonprofit has a system in place to alert employees immediately regarding any phishing scam that lands in their email inboxes. This can be done via email, Slack, Teams, or Hangouts and should include a screenshot (not the forwarded message) of the scam.

Secure Home Networks

With so many employees logging into your network from home, ensuring the security of their home networks is vital to preventing an attack. Ask that everyone logging into your network remotely change the default password on their WiFi router, if they have not already. You can always contact your internet provider to see if it can offer any additional firewall protection for your network, or invest in an external firewall if your organization is handling sensitive data.

Consider a Virtual Private Network

A Virtual Private Network—commonly known as a VPN— encrypts all of your internet communications so that hackers are unable to spy on your activities or gain access to your data. Some VPNs can even block unwanted ads, pop-ups, malicious websites, and viruses. While VPNs will slightly slow your internet speed, the tradeoff in security is well-worth it. My company, eGuide Tech Allies, has compiled a list of specifications to look for in a VPN and three low-cost providers that we recommend to our nonprofit clients.

While following the simple steps above can’t guarantee that your network will never be hacked, they will make it far less likely.

Gregory Perrine is chief executive intern at eGuide Tech Allies, a company that provides digital marketing, technology support, and business development to nonprofits. Perrine has over a decade of experience in providing technology solutions, workflow automations, event planning, and logistics support for emerging nonprofits. He specializes in working with organizations to streamline their operational systems and identify and implement technological solutions that help them become more efficient and effective.