We don’t intend to be scare-mongers on this blog with so many stories on internet/cloud security. Only a minority of us will ever have our organization’s site hacked or email breached. The thing is, preventing such invasions is not especially difficult, but prevention is a dynamic endeavor. As technology changes, and hackers’ tools change with it, your organization must adjust accordingly. And once your information is compromised, you’ll desperately wish you had taken a few steps of prevention earlier.
Last week we discussed the need to secure passwords and to vary them across sites because our information is not so much ‘anonymous’ as ‘pseudonymous.’ Aggregates can be used to build up a coherent image of online you by pulling bits from a few frequented sites. We also noted that we would continue the story by looking at the need for security and anonymity for the networked machine – which is what we turn to today.
In 2009 the internet-security company TechSoup suffered a debilitating attack on its machines that kept the company down for a number of days. Though no personal information seemed to be purloined, the attack was a PR nightmare: TechSoup provides tech and security support for nonprofits throughout the US.
One lesson learned? Nonprofits, especially those that capture online donations, might not be the obvious targets banks and energy corporations are – but nonprofits are sweet targets for hackers.
“There’s a general sense that it’s not going to happen to us or we know we should be doing more, but we don’t learn our lesson until something bad happens,” says Holly Ross, executive director of the Nonprofit Technology Network, a Portland, Ore., group whose members provide technology assistance to charities. “Also, there are competing philosophies between wanting to be as open as possible across your network but wanting to be closed enough to be secure.” (quoted from a story from The Chronicle of Philanthropy, Feb. 21, 2010)
One of the biggest weaknesses in the security fence at nonprofits is, alas, the staff: everyone must be aware of the need for secure passwords and of the responsibility they take on for their organizations whenever they connect to the home office or download a file to their own devices. And if they are not sure of the email or its attachment, they simply should delete it. Delete it!
Such steps help keep an organization’s donor/staff information safer (NB: not ‘safe’). If you want to turn individual machines ghost-like on the internet, software has been made to make computers truly anonymous by hiding their individual IP address. That address identifies your particular computer to any website/chat program/social-media platform. One such program is free: Tor. It routes your traffic through networks of Tor-enabled computers that encrypt it and ‘confuse’ your own computer’s identity to web/cloud platforms.
If your organization has had to contend with attempted/successful hacking, or if you have been developing awareness among your colleagues on the need for security, do please share your experience with us.
And enjoy the long Thanksgiving Weekend!