Community IT Innovators Nonprofit Technology Topics
Community IT offers free webinars monthly to promote learning within our nonprofit technology community. Our podcast is appropriate for a varied level of technology expertise. Community IT is vendor-agnostic and our webinars cover a range of topics and discussions. Something on your mind you don’t see covered here? Contact us to suggest a topic! http://www.communityit.com
Nonprofit Cybersecurity for the Holidays with Matthew Eshleman
What scams are circulating and how can you protect yourself and your organization?
Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman runs through common scams and new tactics that we are seeing at nonprofits and simple steps you and your staff can take at this time of year to be better protected.
Takeaways on Nonprofit Cybersecurity for the Holidays
Common Scams
- “Your package couldn’t be delivered” … this email tries to get you to click on a link or respond in some way, using social engineering/helpfulness/urgency to trick you into helping a colleague or sorting out a problem with a package.
- “The Executive Director needs to purchase holiday gift cards for staff” … a variation on the “gift card” scam oriented towards the end of the year, holiday parties, gifts for donors or volunteers.
- Pop-up “your computer has been compromised, call this number” scam … often the pop-up can’t be closed (you should shut down and log back in, and alert someone on your actual IT help desk team).
New Scams
- Spam bombs… followed by a helpful call from “the IT help desk” ... this scam will inundate your inbox with hundreds to thousands of spam emails an hour. It tries to make the victim anxious about the spam attack and relieved when “the help desk” notices an increase in spam and reaches out to help.
- AI deepfake voice and video scams… growing in presence as the tools to create deepfakes become more available and affordable.
Protections Against Holiday Scams
- Stay suspicious, particularly at the end of the day before a holiday break and the week before that break.
- Be particularly suspicious of inbound calls and new contact information at any time of year, but especially around the holidays. Do not give your login credentials or other information to someone who called or texted you, claiming to be from IT or your bank.
- Review your incident response plan, particularly your phone tree, before the holidays. Make sure you know who to call to report a suspicion or problem, and make sure that your point of contact has a substitute for when they are out of the office for the holidays. Who is “on call”?
- Have strong cybersecurity already in place. Strong passwords, MFA requirements, physical MFA keys for staff who are particularly targeted like your Executive Director and CFO, staff training on the importance of cybersecurity to protect your organization – maybe even a quick training on holiday scams to watch out for … taking proactive steps will give you peace of mind during your holidays.
- Do not be tricked into using a work-around. Always use your established procedures.
- Do report something, using your incident response plan. If you did click on something suspicious at 5pm on a Friday, use your response plan to report it immediately to the person on call for your cybersecurity.
Community IT seeks to provide trusted advice and guidelines for nonprofit cybersecurity safety around the holidays. If you have questions on cybersecurity assessments, staff training, incident response plans, or other cybersecurity topics, reach out and schedule a conversation or assessment with Matt.
_______________________________
Start a conversation :)
- Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
- email Carolyn at cwoodard@communityit.com
- on LinkedIn
Thanks for listening.