Is your nonprofit a target for a fraud attack?

More and more nonprofits are reporting security breaches in their digital marketing efforts. Wired magazine chronicles how hackers have attacked multiple nonprofits, and even Blackbaud recently fell victim to a ransomware attack.

Fraud attacks can happen on many fronts.

Facebook pages, as noted in the piece from Wired, can be targets for fraudsters to take over your organic social program, posting as your organization.  Fraudulent posts can range from the offensive to the scammy.

Donation forms can be targets for fraudsters to test stolen credit cards. A tech lead at a nonprofit told us about discovering thousands of fraud attempts running through their donation platform (they use an extremely popular nonprofit digital marketing suite and have high standards for their AVS settings).

Nonprofits have proven to be an easy target for cyberattacks. If you’re a nonprofit marketer, how do you prevent fraud (or, at least, prepare for it if it happens)?

Information security education

Don't roll your eyes. Everyone needs a baseline understanding of security practices. Our friends at Tech Impact have oodles of resources to get you up to speed.

Pro tip: We recommend committing to a security training schedule and regimen, so that your team can stay on top of what’s happening. Nonprofits can fall victim to social engineering and phishing scams, just like any organization. You must train your staff on the ins and outs of these cyberattacks (saying this is earning me major cred with our IT staff, btw).

Perform a security audit

Nonprofits need to prioritize security for online marketing, including documentation of your security processes and workflows, standardized password management protocols (no more shared user accounts!), and implementation of SSL on your website. That’s just scratching the surface.

We’re betting an espresso and a conversation with your tech team will help.  If you need additional guidance, check out the NTEN Community Forum.

Better user management

Attacks are compounded when nonprofits leave former employees, contractors and partners as admins of their accounts.

A former employee or contractor doesn't have to be disgruntled. If their online accounts get compromised, any page or account linked to the compromised account is in trouble. 

Establishing user management practices can enhance your control, and therefore make your program more secure.

Enable, where possible, multifactor authentication (MFA)

Also referred to as two-factor authentication (2FA), this practice is now commonplace with many tech applications. You may have seen MFA options suggested in your own use of Facebook, Gmail and other common apps. 

Google offers some pretty sweet 2FA tools and options. And Facebook improved their MFA back in 2018. Read more here and here.

Educate yourself on your donation form security

Credit card fraud resulted in $149 million in total losses in 2020.

Nonprofit donation forms are easy targets, optimized to the fewest decisions possible, which might mean loose security standards. As marketers, you should be aware of the security settings and protocols you've enabled on your CRM, including AVS (Address Verification System) and CVV (Card Verification Value) settings, velocity control, and testing the use of CAPTCHA or reCAPTCHA.
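To make "velocity control" concrete, here is an added example (not from the original post or from any CRM vendor) that scans donation attempts for the pattern card testing leaves behind: one source trying many cards, or many attempts, in a short window. The log format, the sample lines and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of donation-form attempts (not real data). Fields:
# timestamp, source IP, card last four (never log full numbers), amount, result
SAMPLE_LOG = """\
2021-03-01T10:00:01 203.0.113.7 4242 1.00 declined
2021-03-01T10:00:04 203.0.113.7 1881 1.00 declined
2021-03-01T10:00:05 198.51.100.20 0005 50.00 declined
2021-03-01T10:00:09 203.0.113.7 5100 1.00 declined
2021-03-01T10:00:13 203.0.113.7 9424 1.00 approved
2021-03-01T10:01:10 198.51.100.20 0005 50.00 approved
2021-03-01T10:20:00 192.0.2.55 3714 25.00 approved
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_ATTEMPTS = 5               # assumed per-source attempt limit in the window
MAX_CARDS = 3                  # assumed distinct-card limit per source


def parse(log):
    """Yield (timestamp, ip, last4, amount, result) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, last4, amount, result = line.split()
        yield datetime.fromisoformat(ts), ip, last4, float(amount), result


def velocity_alerts(log):
    """Return {ip: reason} for sources that exceed the velocity limits."""
    recent = defaultdict(deque)  # ip -> (timestamp, last4) pairs still in window
    alerts = {}
    for ts, ip, last4, _amount, _result in parse(log):
        attempts = recent[ip]
        attempts.append((ts, last4))
        # Drop attempts that have aged out of the sliding window.
        while ts - attempts[0][0] > WINDOW:
            attempts.popleft()
        cards = {card for _, card in attempts}
        if len(cards) > MAX_CARDS:
            alerts.setdefault(ip, f"{len(cards)} distinct cards in {WINDOW}")
        elif len(attempts) > MAX_ATTEMPTS:
            alerts.setdefault(ip, f"{len(attempts)} attempts in {WINDOW}")
    return alerts


if __name__ == "__main__":
    for ip, reason in velocity_alerts(SAMPLE_LOG).items():
        print(ip, "->", reason)
```

The donor at 198.51.100.20 who retries the same card once after a decline is not flagged, which is the balance a velocity setting has to strike between blocking card testers and not turning away real donors.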

Ask your CRM for protocols on fraud escalation

When and if you’re attacked, the last thing you want is to submit an IT ticket and wait to be contacted. If nothing else, there’s peace of mind in knowing how your CRM handles the urgency of fraud attacks.

These are baby steps. But they do work, and being aware of them prepares you to handle similar situations.

 


Justin McCord

Justin McCord is the Senior Vice President of Sales & Marketing at RKD Group, leading the sales and marketing teams. Justin oversees brand management, business development and content marketing for RKD, and he hosts the award-winning Groupthinkers podcast. He is also a regular speaker and contributor to nonprofit marketing events, helping shine a light on current issues and progressive strategies to align channels and improve connection.
