It’s no secret that online communications tools are vital to any organization’s success. Online hackers have turned these resources into an opportunity to attack. Chapter leaders are busy people and work fast to keep chapter operations moving. Working quickly can lead to small mistakes that leave a chapter vulnerable to a cybersecurity meltdown.
In our Chapter Rescue series, we previously demonstrated how financial fraud can impact chapters and their bottom line. Closely tied to fraud is the ever-present threat of a cybersecurity attack, and the fallout can be just as serious. Even if you think you have a security plan in place, complacency in the face of dynamic threats can hurt you and your chapters.
The New Frontier of Cybersecurity Attacks
Skilled at keeping the security industry on its toes, cybercriminals are constantly developing more sophisticated hacking methods. Chapters need to be on the lookout for spoofed websites, fake apps, phishing emails and texts.
Phishing scams are communications from someone attempting to trick you into disclosing personal information or exposing your device to malware. Methods may include email, phone calls, or even text messages. Hackers can use automated software to spread malware via compromised emails or websites.
For example, a chapter receives an email that appears to be from National requiring them to click a link to read a new chapter policy or verify personal information they have on file. Would they know not to click on the malicious link or comply with the information request?
Recovering From a Cybersecurity Attack
If a chapter falls victim to a cybersecurity attack, it’s time to start pulling in the experts on your team. Making sure your bases are covered may mean consulting IT, communications, legal and membership teams. Have an IT professional investigate how the breach occurred and how to stop it from happening again. After regaining security, you can restore lost data from your backups.
Your ability to get back to business after an attack will be based on your preparedness. Consider putting the following measures into place:
Data breach plan
Consult with cybersecurity experts to outline a data breach plan. Include a plan for notifying anyone whose personal data has been compromised. Every state has a data breach notification law with specific requirements and deadlines to notify.
Can your chapters quickly restore data after an incident? Instruct chapters to regularly back up data and have redundancy plans in place.
Contact your insurance to learn more about cyber insurance policies and understand the limitations of your current policy when it comes to phishing attacks.
Preventing a Cybersecurity Attack
Technology is changing every day. It can be hard to stay one step ahead of scammers. Protect chapters from con artists by putting prevention measures in place. From training to security audits, let’s dive into preventive strategies to minimize the chance for hacks:
Your chapter leaders are your best line of defense against cybersecurity threats. Arm leaders and volunteers with the training and knowledge they need to protect member and donor data. Use webinars and include information on how to safely use personal devices if they are connecting to a chapter or National network.
Use email blasts and online portals to keep cybersecurity top of mind for chapters. Both are great ways to disseminate resources like actionable tip sheets and checklists. As they are bound to pop up, use news of security breaches as teachable moments and touch points to deliver security readiness reminders.
Many companies, such as KnowBe4, provide automated phishing test services. They are able to simulate phishing emails to see if your chapter leaders will take the bait. You can utilize the results to create a training video that shows them what to look for and avoid being scammed in the future.
Policies and procedures
Update your policies and procedures regularly and keep them easily accessible. Have known procedures for actions like payments, money transfers and information requests. If a scam email comes through to chapters with actions that fall outside of these guidelines, they will be much more likely to raise a red flag.
Arrange for annual audits of your network’s security perimeter. Audits will help identify any potential weaknesses or unsafe procedures to address with chapters.
Website contact information
Use email forms on your public website rather than listing contact information to prevent cybercriminals from scraping email addresses and other information that can be used in phishing emails.
The creativity of cybercriminals continues to evolve as technology does. Having a sound security plan and well-trained chapter leaders is essential to keeping information secure and in the right hands. In the next post in our Chapter Rescue series, we take a deeper look into concerns over the security of members’ data privacy.