10 Steps To Staying Safe and Secure Online

22 March 2017

Blog post

In the digital era, the internet is a powerful tool for nonprofits to showcase their mission, work and objectives and to connect with the community. It goes without saying that it is crucial for nonprofits to understand the nuances of online security. The Telegraph states how millions of eBay customers were put at risk after hackers stole the personal data of 233 million users, and Sony was fined £250,000 in 2011 because the bank account names and numbers of 100 million users were stolen.


As Bruce Schneier, cryptographer and computer security professional, has rightly said, ‘Security is not a product, it is a process’. Safety does not happen by accident; nonprofits have to work to secure their systems.


Quantum of Cyber Security Threat               


According to the BBC, more than 40 million people in the US had their personal information stolen in 2013, 54 million in Turkey, 20 million in Korea, 16 million in Germany and more than 20 million in China. McAfee mentions that more than 9 million households have had at least one member who gave up their information to phishers, and that in the first half of 2012 cybercriminals netted over $680 million. In his essay The Process of Security, Bruce Schneier states that the credit card industry loses $10 billion to fraud per year in the U.S. alone.




10 Steps to Staying Secure Online


  1. Create Strong Passwords: Nonprofits should pick a strong, different password for each individual account. Each password should be unique, with numbers, letters and symbols. A long password with mixed-case letters makes it difficult for hackers to gain access. A password should contain a random string of letters and should be changed at regular intervals. ArsTechnica reveals that “22% of “strong” eight-character passwords that contained numbers and symbols could be cracked after 10 billion guesses – compared with only 12% of 16 character passwords.”



Quick Advice: Combine a personally memorable sentence with some personally memorable tricks to modify that sentence into a password. So if your sentence is “When I was 11, my sister made me fight the neighborhood bully”, your password could be “Wiw11msmmFtnbully”. - Bruce Schneier


  2. Be Wary of Phishing Mails: Never click on messages, mails or forwards from people or e-mail addresses not known to you. Any email that asks for the nonprofit’s financial or organizational information should be ignored and reported. McAfee states that hackers create malicious emails that look like they come from your friend’s account, and it came to light that in 2012 online phishing URLs were three and a half times more numerous than spam URLs. Cybercriminals create emails and websites which look real but are actually a hoax. The Nigerian Scam 419 is one such example. The email, from a wealthy Nigerian family, is a desperate cry for help to take a large sum of money out of the country. The scammer asks the recipient to cover the legal fees that have to be paid to people who will apparently release the money! The messages can be so convincing that one clicks on the web link, which looks legitimate.



Quick Advice: Don’t get hooked. A legitimate business, company or financial institution will never send an email asking for personal, organizational or financial information to verify an account.


  3. Install a Firewall: Webopedia describes a firewall as a “network security system designed to prevent unauthorized access to or from a private network and can be implemented in both hardware and software, or a combination of both.” Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. A firewall is basically a barrier with a predetermined set of instructions and rules: it allows traffic only from trusted sources and blocks untrusted sources. Microsoft gives a detailed step-by-step process for configuring Windows Firewall.



Quick Advice: DigitalOcean warns that in order to maximise the security benefits of firewalls, a distinct set of rules has to be maintained for incoming and outgoing traffic. Nonprofits have to understand that incoming traffic originates at a different place and needs to be treated differently from outgoing traffic, which leaves their own server.
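A simplified model of the rule sets described above, added here as an illustration and not taken from the original post or from any firewall product: separate inbound and outbound lists, the first matching rule wins, and everything else is denied. The addresses, ports and names are constructed, and the model ignores connection state, which real firewalls track.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    peer: str     # remote network in CIDR form (the other end of the connection)
    port: int     # destination port; 0 matches any port

# Constructed policy for a small office server; addresses are documentation ranges.
INBOUND = [
    Rule("allow", "0.0.0.0/0", 443),       # anyone may reach the public HTTPS site
    Rule("allow", "203.0.113.0/24", 22),   # remote admin only from the trusted office range
]
OUTBOUND = [
    Rule("allow", "0.0.0.0/0", 53),        # DNS lookups
    Rule("allow", "0.0.0.0/0", 443),       # software updates over HTTPS
]

def decide(direction, peer_ip, port):
    """Return "allow" or "deny": first matching rule wins, unmatched traffic is denied."""
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    rules = INBOUND if direction == "in" else OUTBOUND
    peer = ip_address(peer_ip)
    for rule in rules:
        if peer in ip_network(rule.peer) and rule.port in (0, port):
            return rule.action
    return "deny"

if __name__ == "__main__":
    # Constructed test traffic: (direction, remote address, destination port).
    for packet in [("in", "198.51.100.7", 443), ("in", "198.51.100.7", 22),
                   ("in", "203.0.113.9", 22), ("out", "192.0.2.10", 25)]:
        print(packet, "->", decide(*packet))
```

The same stranger who may reach port 443 is refused on port 22, while the trusted office range is let in, and the server itself cannot send mail on port 25 because no outbound rule allows it.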


  4. Two Step Verification: Nonprofits’ accounts are better protected with two-factor authentication. This is an additional security credential, like a fingerprint or a unique pattern. Google’s Security Checkup gives a quick overview of recent sign-ins, and if any activity has been seen from an unknown location or device, the password can be changed immediately. The idea of two-step verification is to confirm one’s identity twice.



Quick Advice: Though two-step verification is slightly cumbersome, lengthy and inconvenient, online privacy and security is crucial. It adds an additional layer of security by combining something you know (password) and something you have (phone or security key). Adopt it.


  5. Hypertext Transfer Protocol Secure (HTTPS) for Secure Communications: Nonprofits have to understand the difference between HTTP URLs and HTTPS URLs. When a viewer interacts with data over HTTP, the data simply travels from one point to another without any encryption. When the interaction takes place over HTTPS, on the other hand, it differentiates the sender and the receiver from one another. HTTPS works in conjunction with a protocol called Secure Sockets Layer (SSL), which encrypts the incoming and outgoing data. A comparison of the BizTech magazine page and the Google Blog clearly shows the difference: one does not require security to read the BizTech page, whereas the Google Blog provides authentication of the website and the web servers associated with it.



Quick Advice: Nonprofits should purchase a time-sensitive certificate from a trusted certificate authority. This is a security code created specifically for one user, or even for one website. The code is so complex that no one can duplicate or access it.


  6. Give Information on Cookies: It is advisable to have cookies, which the nonprofit’s browser stores on the computer at the request of a web server. The browser passes this information back to the server every time you request information from the same server. A cookie provides only the information you want to give, and it cannot leak information from a site you trust to a site you do not trust. Cookies are not programs but text files which contain the site name and a unique user ID.


Quick Advice: Google Chrome reiterates that not all cookies are harmful. They help a website remember preferred and regularly visited sites so that these can be reloaded whenever one revisits them.


  7. Beware of Malicious Software: Malware means malicious software, and many a time it can still get downloaded even with antivirus programs installed. Malware can be downloaded by opening an attachment from a known email, as the file might have been infected. Clicking on a link on a social media site can also result in downloading a virus. Malware also spreads through USB and portable drives. It is essential to download malware scanners, which search for malware infections, and to run a scan. Malwarebytes recommends that one should perform the threat scan on all files first and then run a custom scan to remove all kinds of infections and viruses.



  8. Update Software and Backup Information: It is essential for nonprofits to guard their information. It is crucial to get security updates and subscribe to antivirus programs. A regular backup of information to external hardware should be done habitually, to prevent the loss of important information in case the website or email gets hacked.



  9. Understand Privacy Settings: Think before you share organizational or personal information. Do not share more than you need to. Monitor what others post about your nonprofit. Google Privacy Checkup allows users to control and manage what they are sharing. Nonprofits can choose what they want to share, like photos, videos or reviews.

Similarly, on social media, nonprofits should check the privacy settings of their page or any event page hosted by them. Facebook provides a complete set of questions on selecting an audience, reviewing content, tagging and managing settings on how to connect. This prevents open access to information by all and sundry on the internet.


Quick Advice: In order to protect oneself from fraud, judge all the privacy settings of the site. The website in the picture below is not phony: it has an https URL and a closed padlock.

  10. Be Internet Savvy: Read articles and follow news on cyber scams. As Robert Siciliano, Online Security Expert to McAfee, states, “You do not need to be a seasoned computer whiz to know that it’s not smart to open an attachment titled, ‘Claim Your Inheritance!’ Using common sense while surfing the Web can protect you from some hungry cyber-shark.”