What Does Your Charity Need to Know to Prevent Cyber Crime?

Did you know that October is Cybersecurity Awareness Month? It is a valuable time for Canadians working in the charitable sector to learn about the steps they can take to stay cyber-secure and protect themselves, as well as their devices, against online threats.

As many important aspects of our lives now exist online—from banking and work documents to photos and medical records—staying on top of cybersecurity protocols is paramount. In a professional setting, especially with remote teams, companies need all hands on deck to keep their organizations free from potential cyber threats. Every team member has a responsibility to educate themselves on cybersecurity and follow the best practices recommended by cybersecurity experts.

In honour of Cybersecurity Awareness Month, CanadaHelps' IT team has answered the pressing questions charities want to know about safeguarding their teams and minimizing cyber threats.

1. Is it important to use a strong email password?

Yes, you must ensure all members of your team are using strong, unique passwords, especially for email accounts. 

Using strong, unique passwords is one of the simplest and most reliable ways to improve your charity’s overall cybersecurity.

More people than you would think rely on “123456” or “password123” as their password for everything! 🤯 

To create a strong password, our experts suggest using a passphrase that has one uppercase letter, one lowercase letter, at least one number, and 11 or more characters. It is also important to use different passwords for different accounts.

2. Do we need two-factor authentication?

Yes, we highly recommend implementing two-factor authentication for logins. Two-factor authentication (sometimes stylized as ‘2FA’) is a method of login authorization that requires the user to prove their identity in two ways before they can use the application or organizational resource. 

Two-factor authentication makes it more difficult for ordinary cyber criminals to steal your information. If an attacker manages to gain access to your password, for example, they would still be unable to access your account without getting past the second authentication source.

With 2FA, the first factor is your strong password and the second factor involves retrieving and entering an email or mobile code, or using an authentication app.

Setting up 2FA across multiple accounts and logins can be time-consuming. We recommend starting with your email accounts and moving to other applications in order of importance to your charity thereafter.

3. What is a “Phishing Email”?

A phishing email is a fraudulent email, intended to trick the recipient into revealing sensitive information about themselves or their organization, such as passwords, credit card numbers, or personal details. 

The purpose behind phishing scams is to trick the user into clicking on a link to a fake website or opening an attachment that will subsequently infect the user’s device with malware.

Phishing emails typically appear to come from a legitimate source, like a bank, a popular online service, or even the name of a known contact in more sophisticated scams. Exercise extreme caution with all unsolicited emails that request your financial or personal details.

The most common phishing emails are ones that claim to be from recognizable service providers—such as your bank, Microsoft, or PayPal.

Other suspicious characteristics to look out for in unsolicited emails:

  • Suspicious links or attachments.
  • A sense of urgency, requiring fast or immediate action.
  • Generic salutations like "Dear valued customer" instead of using your name.
  • Poor grammar or spelling mistakes.
  • Impersonation of trusted entities. Beware: phishing scams can be highly sophisticated.

4. Should I open an attachment from an unknown source?

No, and this point cannot be stressed enough. Receiving an emailed attachment–or instructions to click or download a file–from someone you do not know or recognize is extremely suspicious. 

If you receive an email with an attachment from someone you do know but were not expecting to hear from, it is still suspicious and you should proceed with caution.

Our security team recommends contacting the friend, co-worker, or family member that sent the email and confirming that they indeed meant to send you the message with an attachment, to ensure it is safe to open. Additionally, we advise you to scan attachments with an antivirus program whenever possible.

5. Are public WiFi networks safe?

Our security team recommends avoiding the use of public WiFi networks. 

Unfortunately, it cannot be guaranteed that public WiFi networks are safe. Moreover, cyber criminals have been known to pose as free WiFi spots and use this to steal passwords and banking information.

6. How often should we change passwords?

Switching passwords at regular intervals is a low-cost, low-barrier practice charities can adopt to safeguard against cybercrime.

For sensitive logins such as financial systems, confidential employee records, or other high-risk programs, the CanadaHelps IT security team recommends changing passwords every 60 to 90 days as a preventive safety practice.

If you receive notification of an unwarranted login attempt or have reason to suspect your charity has been the victim of a security breach, change your passwords immediately. Passwords should be changed following a data breach or phishing attack to mitigate potential damage.

In a world where cybercriminals continue to get more sophisticated, it’s vital that the charitable sector learns and implements strategies for how to prevent security breaches, so you can adequately defend yourself, your organization, and your mission against security threats.

Start by educating your employees about cybersecurity and the daily practices they can follow to safeguard themselves against attacks. This is ultimately your organization’s best defense against cybercrime and the optimal way to stay protected.

Want to learn more about topics like cybersecurity, and develop your charity’s technical knowledge and skill sets? Charity Growth Academy is a free online program for Canadian charities. Join today, and learn how to leverage new technology and embrace a digital-first mindset.
