Keeping donors secure and improving fundraising security

Tim Grable

“Congratulations! You have been hacked.” This is the blaring, red-alert message that greeted a nonprofit fundraising organization’s executive director one day. At this point, they realized they’d already been locked out of the organization's bank account, website login and the donor database stored on that computer. Credit card numbers, names, addresses — every last detail was now in the hands of a hacker.

The director, who spent years building up a successful nonprofit fundraising program to help those in need, was left to deal with the consequences of operating without a virus and malware scanning plan in place.

This couldn’t happen to your nonprofit, right? Wrong!

According to a study conducted by Ponemon, "nearly half of the US population was hacked in some way in the space of one year." The National Small Business Association reports that nearly half of small businesses have been the victim of a cyber attack, at an average cost of $7,000. The threat is real and fundraising security is a top concern.

Success means guarding donor data

Why are so many businesses being hacked when it’s common knowledge to watch out for hackers in the digital age? That’s exactly the problem: This is the digital age. One cannot enter a public place for more than five minutes without seeing someone on their smartphone. We’ve all grown so used to being surrounded by technology that we take it for granted. It never occurs to us that, to an unscrupulous hacker, technology provides a door into our most sensitive data.

Technology has advanced miles since its creation, and hacking has advanced along with it. Hacking has gone from the old-fashioned virus that simply slows down your system to attacks that lock you out of all your information and deliver personally identifiable information right into the hands of the hacker.

We all learned the basics: Never share your passwords with anyone, verify that an attachment is from an actual address before downloading it, don't fall for those "you won a free iPad" schemes, etc.

Everyone knows to be on guard for potential hacking threats. The only thing is, hackers learned those rules as well. As the old adage goes: Know the rules well so that you can break them effectively. That is what hackers do. They take advantage of everyone following the rules and use it to their benefit — targeting businesses and groups (like nonprofit fundraising organizations) that store users’ financial data.

While it may seem all hacking is the same, it just isn’t that simple. There are many different types of hacking that can hamper fundraising security efforts. One example is phishing, a way of duplicating a legitimate website, then sending seemingly authentic emails to users of that site asking them to supply their login details. All of a sudden, this legitimate website is not so legitimate anymore — you've unknowingly aided the hackers by not expecting their attack.

Another type of hacking, called social engineering, often targets small businesses and nonprofit fundraisers specifically. A hacker could call the office, posing as a technician in the IT department, and convince a staff member to give them passwords and other login information. In a matter of minutes, the group’s entire system is now hacked.

Perhaps you’re thinking only foolish people fall for such schemes. Everyone knows what a hacker appears to be, right? Well, apparently not everyone. One article written by Gizmodo states, "it takes an average of 82 seconds from the time a phishing campaign is launched, until the first sucker bites." Eighty-two seconds. That’s quicker than the time it takes to brew a pot of coffee in the morning.

The ransomware epidemic

Another way nonprofit fundraising might be at risk is through ransomware. Ransomware often appears in the form of a legitimate-looking email attachment. When someone opens it, their computer (and all others networked to it) is seized and held hostage. The victim is then charged a fee to either "get rid of the virus" or to update the software, which takes hours to complete. Or it could end up locking people out of data and charging a ransom anywhere between $200 and $10,000 to be allowed back in to view it.

According to the FBI, one bit of ransomware called CryptoWall has earned hackers million since April of 2014.

“It’s like the shores of this war are spilling onto us,” says Jim Daniell, Chief Operations Officer at Oxfam America, when asked about cybercrime against nonprofits. “The next two or three years will really be about circling the wagons … I feel like we’re the poor townspeople who can’t protect ourselves.”

Fear not, because help is at hand. Security providers, like GoDaddy, are ready to do the protection so you can focus on your work. And have peace of mind while doing it.

Proactive security steps for nonprofit fundraising groups

Now that you know, you owe it to your fundraising group to take action to avoid the loss of the identifiable personal information you store on your computer networks. The consequences of inaction are just too great: Loss of reputation, lawsuits and diminished reach to name a few.

If you have yet to be hacked, you’re lucky — you still have time to take action and protect your organization’s good name and mission. The action? Engage a malware screening service that can not only deflect hackers, but also take them down if they try to enter your site.

One such service is GoDaddy’s Premium Website Security. This service includes many features for enhancing fundraising security:

  • Scans your website daily for signs that hackers are trying to get in. It also monitors related services (DNS, WHOIS and SSL) to make sure visitors aren’t being taken to a fake website or tricked into divulging their private details.
  • Alerts you immediately if it detects suspicious activity. Once you’ve authorized a cleanup, the GoDaddy security team gets to work to take care of the damage before it escalates.
  • Keeps you on Google’s good side and off the blocklist of sites considered dangerous to visitors. Once you’re on the blocklist, it’s nearly impossible for people to find you.
  • The deluxe plan includes a Web Application Firewall (WAF) to proactively protect you against future attempts. WAF keeps hackers from ever getting a toehold, protecting your nonprofit fundraising organization against malware, injection flaws and both brute force and DDoS attacks.

If you’ve already been hacked, there’s still a way to get rid of that malware. Look into GoDaddy’s Express Malware Removal for guaranteed repair and protection. Take action now to protect your good name. Because your fundraising organization (and the people involved) deserve to have their information secured.
