Portfolio and Wessel Accounting offer free security reviews for nonprofits in 2016
By Laura Haight
There is no way to know for certain how many nonprofits were hacked in 2015 or are in the process of being hacked right now. But many security organizations and cyberthreat analysts believe it is at least as high — if not higher — than the rate for small business.
Like small businesses, nonprofits are disproportionately victimized by fraud and hacking as well as underprotected by controls and detection measures. This assessment from the Association of Certified Fraud Examiners is a wake-up call for nonprofits that do not realize how at risk they are. To support the nonprofits serving critical needs in the Upstate, Portfolio and Wessel Accounting are offering to provide their BizSafe Security Review for free to one local nonprofit each month through 2016.
BizSafe is a scalable tool to help assess, identify and mitigate the veracity of internal controls and security procedures that could be leaving a business or nonprofit vulnerable to hacking, cracking or fraud. The service is jointly provided by Laura Haight, a former IT executive and president of Portfolio, and Kelly Wessel, former director of internal audit for the Greenville Health System and president of Wessel Accounting.
Although periodically news of a hack or exposure of a nonprofit comes to light in the news, there is a shortage of hard data to analyze. Experts like the the ACFE and the Hauser Center for NonProfit Organizations at Harvard University, see this not as a lack of risk but a lack of public reporting.
In the small business sector both the National Small Business Association and Symantec reported that in 2014 more than 60 percent of small businesses in the US. were hacked. That trend only expanded in 2015, every cyber expert admits. Across the board, the ACFE estimates that 6 percent of revenue for all businesses is lost to fraud or hacking. In many cases, attacks and embezzlement that the business is unaware of. When it comes to cybercrime, the FBI has stated that most businesses have a hacker in their systems for 18 months before they even realize it, and most find out when the FBI comes knocking at their door.
Experts believe nonprofits are at least as vulnerable - and most more at risk - than other small businesses. In addition to detailed donor databases including names, addresses, donation amounts, banking information and even in some cases credit cards, nonprofits have information about grants given and received, as well as clients they serve. They may have health records or family information. All of these are important data points that hackers or cybercriminals will use to build a profile and hack identities. Additionally, websites are particularly vulnerable because they are often not regularly updated or have support staff to fully monitor their security.
“Kelly and I are very concerned about the vulnerability of nonprofits and we hope that by offering our BizSafe service to some local organizations we can raise awareness about the risks, the availability of solutions and the importance of educating and protecting ourselves, our businesses, our donors and our sustainability,” noted Haight.
You can learn more and nominate your favorite nonprofit by visiting the BizSafe website: http://www.bizsafesc.com/nonprofit-program/.
More about nonprofit security
Building a culture of cyber security in your business is a critical piece of any functional security. And if you don't know what that entails, October, national Cyber Security Awareness Month, is a great time to get started.
Nonprofits live and die by volunteer contributions. But often they risk security in the process. There are some do's and don't's that can help you have both!
Planning for unexpected and unlikely is a hard thing. But ask businesses up and down the South Carolina coast how important it is to have an emergency plan. Hurricane, tornado. power outage, ransomware - the disaster may be different, but you need a response.
Nonprofits, regardless of size are a profitable target for hackers. The reliance on volunteers, tighter purse strings, and lesser likelihood of having strong IT support makes them attractive targets. Here's how to even the odds a bit.
61633338 - people, family, charitable organizations and nursing concepts, close-up of two hands holding a family of four
Exposure to hacking, cracking and fraud is a huge risk for nonprofits. So Portfolio and Wessel Accounting are offering their BizSafe security review to a dozen nonprofits in the Upstate of SC for free this year. Find out how you can nominate your favorite nonprofit for one. Friends don't let friends get hacked.
There are times when you need to be an operational thinker. When you need a backup plan that will work in a pinch and get the job done. It may look like you're flying by the seat of your pants, but any good plan comes from lots of advance preparation. Here are some keys to making sure your backup is there for you when you need it.
We want technology to be simple, yet often we run from the simple answers. "It can't be that easy." Sometimes it can. Some tips to spot phishing emails. Pass them on.
Shadow databases are risky business, but widely used. But well-meaning volunteers or hard-working employees may expose your business to unnecessary risk. Don't be one of the 60 percent of businesses that goes under after a data breach. This risk is avoidable.
Guest blogger Kelly Wessel is all about the importance of internal controls in preventing fraud for small businesses and nonprofits. But some very small nonprofits think they can't create the separation of duties normally required. Not so. Here's a scaled back way for small nonprofits to add layers of controls.
Nonprofits are among the most vulnerable businesses. Running lean, keeping costs below minimum, focusing on their mission are all exactly what donors want to see. But they are also the behaviors that leave nonprofits at risk for fraud, hacking and cybercrime. First in a continuing series.