Justin is Funraise's CEO, a co-founder, and a bad-ass, experienced nonprofit fundraiser. Like a true fundraiser-turned-founder, he breaks down the concepts behind Funraise's mission everywhere he can make nonprofits' voices heard.
Donor trust is your single greatest asset.
When I was at Liberty in North Korea, we trained our team on how to be digitally vigilant.
Most cybercriminals come through your front door.
Usually it's through an employee with a compromised password, or one who clicks on a URL that looks like your domain.
We hired a cybersecurity firm to execute a phishing scheme against our staff to understand our baseline.
The scheme was a "shared Gdoc" (with a slight domain misspelling in the URL) that, once clicked, asked our staff to sign in. Nearly the entire staff was compromised through this exercise.
If it had been a real cybercriminal, they would have had access to:
- bank info
- donor & client records
- 10 years of video footage
- internal staff and board communications
All they needed was to compromise one employee with decent access to get nearly everything.
Your goal as a nonprofit should be to mitigate the risk as much as possible and minimize the compromise if attacked.
- Decentralize employee access so criminals can't leapfrog to more sensitive data.
- Run penetration tests annually against your staff to keep them on guard.
- Ask your vendors for their security policies.