You Got Hacked. Now What?

4

A few weeks ago, one of my clients had its website hacked. A small nonprofit here in Columbus, Ohio, we couldn’t figure out why our website wasn’t loading properly and what had happened to all of the content. Then, we received the simple explanation from our web manager: “We got hacked.”

“We Got Hacked”

At first, there were laughs around the room. And then we realized that this was actually a real thing. And it happened just in time for our holiday give campaign to start. (Cue: Sad Trombone Sound)

Nonprofits assume they’re exempt from the threat of hacking and cyber security breaches. Why bother hacking a tiny nonprofit when you could hack a large corporation who has a ton of money and a bunch of customers who’ve handed over their personal information? Want the truth? IT’S REALLY EASY.

Hacking a nonprofit isn’t about the monetary gain for the hacker – it’s about making a malicious statement that it can be done. And, unfortunately, the result of nonprofit hacks can be really costly for the organization. Lost records, damaged public relations, a knocked out donation system, or compromised donor personal information can shut the organization down pretty quickly. And when your staff is comprised of volunteers or previous pro-bono work, it could take a while to get yourself back online.

Remember that donors can give money to plenty of places and a hack could turn them completely away from your organization, suggesting that you weren’t careful or diligent enough to protect their information. So what can you do to prevent being hacked or to rebuild after a hack? Here are a few steps to take:

What You Can Do

Lock down your devices. Laptops, iPads, mobile phones, even desktop computers are super easy to steal or connect to. Stolen or lost devices account for a large chunk of compromised information. Make sure you keep track of all devices – even if they’re not often used – and have a plan to wipe secure information should the device be compromised.

Reset your passwords often and be careful how you share the information. If your organization is small, it’s likely that everyone working there knows the password to at least one shared account. There’s probably a “passwords” document stored on a Google Drive or in a notebook (in an unlocked drawer) that would be easy for a data thief to discover. Take a page from the corporate security book and make a reminder to reset your passwords every few months. You can use password storage programs through your anti-virus software, or something like LastPass to keep passwords private and secure and accessible to just those who need them.

Encrypt, encrypt, encrypt. Though you might use Cloud storage, you should always keep files on your hard drive encrypted. It’s super easy to do and the benefit is that even if data is compromised, hackers will still need to know how to access your encrypted files.
Put it in writing. When organizations rely on volunteers and a small staff to execute, policies and procedures are often overlooked or oversimplified. When it comes to the privacy and security of your information, you must make sure your staff members and volunteers know what they can and cannot share. Put it in contracts, employee manuals, and agreements so there is no confusion.

Have you ever been hacked? How did you fix it? Tell us in the comments!

About author

Kadi McDonald

No matter where she's worked, Kadi has successfully evaluated deep-rooted communications challenges and developed a plan to improve and simplify for the audience. She has shifted her professional life to one that allows her the flexibility and time to be dedicated to her passion projects. She develops and manages social media strategies for nonprofits, writes articles and blogs for a wide variety of clients and audiences, and consults on small marketing and branding projects for all types of businesses. She is a storyteller by nature and thrives in environments that crave authenticity and transparency. She works with multiple nonprofit organizations whose missions surround the ideas of community, compassion, service, and equality for all.

4 comments

  1. Justin Farmer 28 December, 2016 at 21:25 Reply

    You’re right on point Kadi! I know so much of what nonprofits can do comes down to determining relevant spend versus putting the money towards the mission statement. Regardless, some sort of security is a must! …Something I’ve been preaching for years. In fact, I built a company to help avoid the costs associated with cyber security. Keep up the good work!

    • Kadi McDonald 29 December, 2016 at 16:14 Reply

      Thanks for reading, Justin! It’s so easy to have information compromised when you’re moving at lightning speed in the nonprofit space. Writing this article was super easy because I want ALL of my clients to read it!! 🙂 Happy New Year!

    • Amy DeVita 30 January, 2017 at 10:01 Reply

      Thanks for sharing Kadi’s post with your audience, Kivi. While we are all focused on bringing light to the good that our orgs do, it is increasingly vital to beware of the cyber threats that exist and could really undo all our hard work.

Post a new comment