It’s International Charity Fraud Awareness Week, a global effort to help charities and donors avoid charity fraud. The FTC has united with state charities regulators, the National Association of State Charities Officials, and international partners in the campaign. By joining forces, we can reach more charities with information and advice. This year, the focus is on what charities can do to help defend against cyber threats. We hope businesses will carry the message to their communities and share free cybersecurity resources from the FTC.
Why are we asking you to help spread the word? Two reasons. First, business leaders play a key role in the non-profit sector – volunteering their time, serving on the boards of charities, and sharing their professional expertise with community organizations. Second, you know from experience about the dangers that hackers and scammers pose to insecure networks. So when business executives speak on this subject, charities listen.
Cyber criminals pose a particular risk to charities. Local non-profits may not have IT professionals on guard against unauthorized access. That’s why hackers sometimes target non-profit groups, exploiting any opportunity to break into networks, steal data, and even divert funds away from those in need. How do they do it? Scammers may try to trick staff members into giving them access to the organization’s network or they may lure employees or volunteers into downloading malware that can corrupt the charity’s computers. From the charity’s perspective, any amount of money lost to a scam is too much. And a hack that causes systems to shut down for even a few hours can have a disastrous impact on fundraising efforts, not to mention that donors may lose faith in a group if their information is compromised after they donate.
The FTC’s Cybersecurity for Small Businesses site features resources – fact sheets, quizzes, videos, etc. – suited for the non-profit sector. Resources on ransomware, phishing, business email imposters, web host hiring, and more can help charities protect the data they collect, including donors’ personal and financial information. You’ll also find to-the-point tips on training employees and volunteers to protect organizations’ files and devices, rebuff phishing attempts, and keep networks protected.
Not sure where to start? The next time you have a board meeting or donate time to a favorite charity, suggest that they start with the basics:
- Set up software to update automatically.
- Secure files by making a back-up offline.
- Require passwords for all devices.
- Use multi-factor authentication like a PIN or key.
- Encrypt devices.