How to Protect Donor Data from Prying Eyes
Donors trust your nonprofit not only with their money, but with their personal information as well. One way your organization can honor that trust is to ensure you protect donor data from cybercriminals.
Nonprofits are no more immune to cyberattacks than other organizations. Just like businesses, nonprofits harbor something criminals want – valuable information. But it’s easy to overlook potential threats. This is why cybersecurity training is so important. It can help you spot a cybersecurity threat in time to thwart the damage that results from a compromised database.
Curtis McCallister, manager of technology solutions at James Moore, explains the top strategies for securing your donors’ personal data from accidental exposure and external cyberattacks.
What do cybercriminals want?
Cybercriminals are often looking for personally identifiable information – data that leaves someone vulnerable to exploitation. Personally identifiable information can include the following:
- first and last name
- position and/or title
- contact information, such as home address, phone number and/or email
- life history information, such as date of birth, place of birth, mother’s maiden name, education, high school, college, favorite car, first pet and/or first grade teacher
- financial information, such as credit card numbers, banking details and accounts
Many nonprofits collect personally identifiable information from donors via pledge forms. Other personal details are often available on Facebook and other social media platforms. Facebook polls may ask for personally identifiable information such as the first car you drove – seemingly an innocent way to connect with others like yourself.
Clever attackers can search social media networks and pool information about an individual to build an attack.
“This is their job. And they spend six weeks, eight hours a day, investigating you and your company and targeting you,” Curtis said. “They will find something, and they will get in. And if they get in to you, they can get into your company.”
When cybercriminals break into a network, they often begin sending data offsite to their own servers. Some criminals have shifted from demanding ransom money to release sensitive information held hostage on their servers to threatening to publicize that information. This is where your donor data is at risk.
Donors whose information is stolen by a cybercriminal are vulnerable to further attacks. Large gifts may also reveal a donor’s potential wealth, signaling to criminals the possible payoff of targeting them directly.
Donors are also not likely to have the same level of cybersecurity as the organization that holds their personal information. This is why it is so vital to keep their data safe.
Who are these criminals?
There are three main types of bad actors: cybercriminals, hackers and internal criminals – people you have hired.
Let’s focus on that last item — internal criminals.
“Maybe they’ve become disgruntled. Maybe they don’t like their boss,” Curtis said. “Maybe they applied for a position with your organization for the sole purpose of discrediting you. Maybe they don’t believe in what you believe in. They’re so diametrically opposed to what you do, they want to harm your reputation.”
These kinds of criminals are sometimes referred to as “social eco-terrorists.” These are people who join your organization to sabotage it. They aid cybercriminal businesses by installing ransomware or malware on your network to receive a payout. For someone with access to your network (and therefore, donor data), this is easy money.
The more common form of internal criminality is fraud and embezzlement. Fraudsters can write themselves checks or skim money off the top of orders placed with company credit cards.
Curtis recommends a “zero trust” approach to potential cybercriminal activity.
“Assume that everyone out there wants to attack you,” he said. “That will help protect your network and your donor information significantly.”
Robust policies and procedures help protect you from internal fraud.
The best way to prevent internal crime and protect donor data is to build strong corporate policies and procedures that separate staff duties. Limit employees’ access to your system to the level they need to complete their job. This is called the principle of least privilege. It also goes hand in hand with another important principle: separation of duties.
In accounting, the person who writes the checks shouldn’t be the same person who signs the checks. Similarly, not all information technology personnel need access to the highest level of security on your servers. And human resources staff should be the only people with access to HR information.
Enable auditing on your networks so you can see when somebody is trying to leverage their abilities to go beyond what their duties require. If someone who doesn’t need to access HR information tries once, it may be a mistake. (Not all instances of data leakage are deliberate criminal acts.) If they try three times on a Saturday night, their intentions are probably malicious.
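The triage rule described above (one stray attempt is probably a mistake, three on a Saturday night probably is not) can be expressed directly over audit records. The following is an added example, not code from the article or from any audit product; the log format, the `/hr/` path prefix, the business-hours window and the threshold of three are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit records: timestamp, user, department, result, resource
SAMPLE_LOG = """\
2024-03-05T10:12:44 asmith hr ALLOWED /hr/reviews/2023.docx
2024-03-06T14:03:10 bjones accounting DENIED /hr/payroll.xlsx
2024-03-09T22:14:05 cdoe it DENIED /hr/payroll.xlsx
2024-03-09T22:15:31 cdoe it DENIED /hr/reviews/2023.docx
2024-03-09T22:19:02 cdoe it DENIED /hr/payroll.xlsx
"""

THRESHOLD = 3  # assumption: off-hours denials before a case is escalated


def is_off_hours(ts):
    """Weekend, or outside an assumed 08:00-18:00 working day."""
    return ts.weekday() >= 5 or not (8 <= ts.hour < 18)


def triage(log_text, protected_prefix="/hr/", owner_dept="hr"):
    """Return {user: 'review' | 'escalate'} for denied access outside one's duties."""
    denied = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than guessing at fields
        stamp, user, dept, result, resource = parts
        if (result == "DENIED" and resource.startswith(protected_prefix)
                and dept != owner_dept):
            denied[user].append(datetime.fromisoformat(stamp))

    verdicts = {}
    for user, times in denied.items():
        off_hours = [t for t in times if is_off_hours(t)]
        # Repeated off-hours attempts are escalated; anything less is a
        # possible mistake that still gets a human look.
        verdicts[user] = "escalate" if len(off_hours) >= THRESHOLD else "review"
    return verdicts


if __name__ == "__main__":
    for user, verdict in triage(SAMPLE_LOG).items():
        print(user, verdict)
```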
The most secure way of protecting donor data is to destroy records immediately after use. The second-best line of defense is storing donor information digitally in an encrypted database. Your staff members are your last line of defense.
Sometimes an employee can compromise donor data by mistake. This kind of accidental exposure happens frequently, sometimes without anyone in the organization being aware. Take these steps to safeguard against an accidental data leak:
Lock up paper forms. Paper forms are not secure. If you have paper forms with sensitive data, however, keep them in an internal, secure part of the building. Do not store forms with donor data in file cabinets near exterior doors. Be mindful of leaving papers on your desk, especially if you’re stepping away from your office or leaving for the day.
“Your donor list should be kept under the highest level of security you have,” Curtis said. “If it’s on paper, keep it in a locked filing cabinet in a locked office.”
Have a policy or procedure for wiping stored information from electronic equipment. Know the location of hard drives from old computers and servers. Keep track of multifunction copiers, scanners, fax machines and printers as well.
Companies that lease electronic equipment often offer a hard drive cleaning service. This wipes drives of information when machines are rotated out. Have your IT staff monitor this process and ask for a certificate of destruction. Verify that paper is not left on the glass or jammed inside printers before allowing machines to be taken away.
If your organization does not have a policy or checklist for wiping information off electronic equipment, examples are available online.
Encrypt hard drives. Encryption makes sensitive information harder to access on a computer or other piece of equipment. This provides a first line of defense if the equipment is stolen or lost. While you may have to pay for encryption, it’s absolutely worth the cost.
Beware of poor or improper network maintenance. Poor or improper maintenance of your network, or a system misconfiguration, can also leave donor data vulnerable. Common mistakes include not installing a strong enough firewall – or not installing one at all. Someone troubleshooting a firewall can also inadvertently turn off critical aspects.
Potential misconfigurations include an unsecured remote desktop protocol.
“Remote desktop protocol has been used and exploited for the past five years to infiltrate networks left and right. This causes all kinds of havoc and bad days to nonprofits and business owners alike,” Curtis said.
Have a process for sending sensitive information. Such a process could mandate that emails containing donor data are double-checked by another person before they are sent. It could also include putting a time delay on emails. This gives the sender a chance to abort the send if they suddenly realize there’s a mistake or they’ve attached the wrong file.
The best solution, however, is an information rights management system. This system can be programmed to detect key words, social security numbers, credit card numbers, addresses and other types of information. The system then flags a message and sends it to a compliance manager or a supervisor for review before it leaves the network.
“That takes most of the human element out of it,” Curtis said.
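The kind of content check such a system performs on outbound mail can be shown in a few lines. This is an added example, not the rule set of any real product and not code from the article; the keyword watch-list, function names and sample messages are assumptions. Candidate card numbers are confirmed with the Luhn checksum so that order references and other long digit strings do not hold up every message.

```python
import re

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or dashes
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
KEYWORDS = ("donor list", "routing number")  # assumed watch-list


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_outbound(text):
    """Return the list of reasons a message should be held, empty if none."""
    findings = []
    if SSN_RE.search(text):
        findings.append("ssn")
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            findings.append("card")
            break  # one confirmed card number is enough to hold the message
    lowered = text.lower()
    findings += ["keyword:" + k for k in KEYWORDS if k in lowered]
    return findings


def route(text):
    """Hold flagged messages for a compliance reviewer; send the rest."""
    return "hold_for_review" if scan_outbound(text) else "send"


if __name__ == "__main__":
    # Constructed sample messages
    print(route("Card on file: 4111 1111 1111 1111"))
    print(route("See you at the gala on Friday"))
```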
Beware of external threats to donor data.
Cybercriminals outside your organization can obtain donor information through several tactics. For example, stealing laptops, tablets, cell phones and even smartwatches can provide criminals with the data or passwords they need to access company information. Criminals can also breach your network, hacking into your system or tunneling in via remote access.
Software and server vulnerabilities can also leave donor data exposed. An unpatched Microsoft Exchange server, for example, can be attacked and compromised via the web. Guard against this by maintaining two Exchange servers, one for email and another that is outside your firewall on a demilitarized zone network (or DMZ) for backing up information.
You can also prevent and detect intrusions with firewalls that monitor incoming and outgoing traffic through a process known as deep packet inspection. This process scans trends in traffic for consistency and normalcy. It can also shut down connections in response to suspicious requests.
By taking steps like these — and working with an experienced IT consultant — you’ll better safeguard donor personal data and reinforce their trust in you.