Avoiding and Handling Email Fraud
In a world where technology is king it isn’t difficult to have your entire life taken over by one mediocre hacker or malware program. As a nonprofit, such a hack can severely affect your organization. Think about what you keep in your email…bank information, donor records and contact information, personal details, etc. If such information fell into the wrong hands it could have a detrimental effect, making password security and internal controls a critical requirement for your nonprofit.Preventing an email hack
Don’t send important info via your email
Email communication has an inherent flaw in that it is not designed nor required to maintain privacy. It can be easy to get to and easy to take advantage of (especially when you have access to it on multiple devices). This is why you should NEVER send important information via email.
Don’t mix emails
Have an email for work and an email for home, and don’t comingle to two. This will limit the information stolen in the event of a hack. Plus, you don’t have any expectation of privacy on your work computer or email, so leave the personal business for your personal time/devices.
Watch where you log in
Vacationing in Russia? Leave work in the states. Avoid accessing your accounts from different countries, networks, or computers, doing so increases your likelihood of being hacked. If you do plan to work from that coffee shop or vacation, make sure that all of your sensitive documents can only be accessed by a secure VPN .
Utilize a strong, secure password
I’ll give you a hint, your dog’s name and the current year isn’t an adequate password. Luckily I found that out via this site that checks your password strength and not by being hacked. It will take a computer program 157 million years to hack my new password.
Get and maintain firewall protection
If you’re not very tech savvy about firewalls, which as stated by Lavasoft, “According to a study by NCSA Cyber Security, only 4% of Americans say they understand firewalls "completely", while more than 44% don't understand firewalls at all” their article What is a Firewall and Why Do I Need It will break them down in easy to understand English.
Internal controls can prevent a hacker access to your nonprofit’s financials
Utilize SFTP folders
This is the best route to communicate secure information. SFTP stands for Secure File Transport Protocol and essentially is a folder which provides access only to approved users in a secured, controlled environment. Techopedia breaks down why SFTPs are useful and necessary in this article .
If you HAVE to send secure information via email, break the information apart so the portions you are sending are indistinguishable on their own.
For example, if you have to have your accountant wire money on behalf of your nonprofit via email, you could have one person email wiring information and a separate person from your organization call with the receiver’s information. You should always have more than one point of contact for these situations, so that if you were hacked your organization is still protected.
Please note we consider this an occurrence that should only happen in an emergency situation.
Consider paying an IT company
An IT company can secure your network so that you are the most protected should you be hacked, and while your budget is tight, it is an expense that could save you thousands should you be breached...not to mention, a hack can severely affect your reputation.
For more information on managing the internal controls of your nonprofit, check out these previous blog posts:
Renata Poe Massie, Content Creator for Jitasa