Today is International Charity Fraud Awareness Week, a global effort to help charities and donors avoid charity fraud. The FTC joins state charity regulators, the National Association of State Charity Officials and international partners in this effort. By joining forces we can provide information and advice to even more charities. This year the focus is on what charities can do to help protect against cyber threats. We hope businesses will take this message to their communities and share the FTC’s free cybersecurity resources.
Why do we ask you to help spread the word? There are two reasons. First, business leaders play a key role in the nonprofit sector – donating their time, serving on charity boards, and sharing their expertise with community organizations. Second, you know from experience the dangers hackers and scammers pose to unsecured networks. So when business executives talk about this topic, charities listen.
Cybercriminals pose special risks to charities. Local nonprofits may not have the IT professionals to protect against unauthorized access. That’s why hackers sometimes target nonprofits, taking advantage of any opportunity to break into networks, steal data, and even divert funds from those in need. How did they do it? Scammers may try to trick staff into giving them access to the organization’s network, or they may lure staff or volunteers into downloading malware that could damage the charity’s computers. From a charity’s perspective, any money lost to fraud is too great. A hack that shuts down a system, even for a few hours, could have a catastrophic impact on a fundraising campaign, not to mention the potential for donors to lose faith in a group if their information is compromised after donating. .
The FTC’s Small Business Cybersecurity website offers resources (fact sheets, quizzes, videos, etc.) for the nonprofit sector. Resources on ransomware, phishing, business email impersonators, web host recruitment, and more can help charities protect the data they collect, including donors’ personal and financial information. You’ll also find key tips on training employees and volunteers to protect your organization’s files and devices, reject phishing attempts, and protect your network.
Don’t know where to start? Next time you have a board meeting or donate time to a favorite charity, suggest they start with the basics:
- Set the software to update automatically.
- Protect files with offline backup.
- All devices require a password.
- Use multi-factor authentication such as PIN or key.
- Encryption device.
These are just some of the tips you can find at FTC.gov/Cybersecurity. All information is also available in Spanish at FTC.gov/Ciberseguridad.
