How many of you have received an email from a company that read something like this: “Unfortunately, there was an intrusion on our website and some of your information may have been stolen.”
Hopefully your nonprofit hasn’t had to send an email like this and you’ve never really had to think much about your security on the web. Luckily, staying safe on the web usually requires you to avoid certain actions, not do a ton of extra work. All you need is a little help knowing what not to do. If you’re looking for help, here is a list of four things your nonprofit should almost never do in order to stay safe on the web.
1. Never Store Confidential Information on Your Website’s Server
You should almost never store confidential information such as credit card numbers, social security numbers, or health-related information on your website. What this means is that you shouldn’t upload this information via FTP, add it via a content management system like WordPress, or have users provide this information through online forms.
Why is Storing Confidential Information on Your Website Risky?
The biggest risk in storing this type of information, and often the least understood, is that the information can end up publicly available to anyone who has the URL. For example, if you use the WordPress media manager to upload a file, it instantly becomes available to anyone online as long as they have the web link.
Furthermore, if someone you know is building a website for you and says it’s easy to store credit card information through an online form submission, think again. Storing credit card information is horribly risky, presents serious legal liability, and if not stored correctly may expose you to fines from major credit card companies.
How to Store and Send Confidential Information
If you’re looking for a way to store and send confidential information take a look at Box.com. It not only allows your organization to store files, but it encrypts that data and offers the ability to send a password-protected link. This gives you that extra layer of security, while storing the files in a place that you know will be safe.
If you absolutely must receive confidential information via online forms, use a form tool like WuFoo and store the data on their servers. They will most likely have better encryption and security than your website, and will limit your organization’s level of liability.
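One practical way to check whether this rule is already being broken is to scan your web server’s upload directory for files that look like they contain card numbers or Social Security numbers. The following scanner is an added example written for this post, not code from WordPress, Box.com or WuFoo; it assumes a plain upload directory such as WordPress’s wp-content/uploads, and the `demo()` function builds a constructed sample directory so it can run offline.

```python
"""Scan a web-served upload directory for files that appear to contain
payment card numbers or US Social Security numbers, so they can be moved
off the web server. Added example for this article; not project code."""
import os
import re
import tempfile

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in the 123-45-6789 form (dashes required to keep false positives down).
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> dict:
    """Return Luhn-valid card numbers and SSN-shaped strings found in text."""
    cards = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            cards.append(digits)
    return {"cards": cards, "ssns": SSN_RE.findall(text)}


def scan_directory(root: str, max_bytes: int = 5_000_000) -> dict:
    """Map each file (relative to root) that has a hit to its findings.

    Large files are skipped: media uploads are what the directory is for,
    and the spreadsheets and exports we care about are small text files.
    """
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.getsize(path) > max_bytes:
                continue
            with open(path, "rb") as f:
                text = f.read().decode("utf-8", errors="ignore")
            found = find_sensitive(text)
            if found["cards"] or found["ssns"]:
                hits[os.path.relpath(path, root)] = found
    return hits


def demo() -> dict:
    """Constructed sample upload directory (hypothetical data) and its scan result."""
    root = tempfile.mkdtemp(prefix="uploads-")
    # Constructed file that should be flagged: a Luhn-valid test card number and an SSN.
    with open(os.path.join(root, "donors.csv"), "w") as f:
        f.write("Jane Doe,4111 1111 1111 1111,123-45-6789\n")
    # Constructed file that should NOT be flagged: digit runs that fail Luhn, plus a phone number.
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("Invoice 1234 5678 9012 3456, call 555-123-4567\n")
    return scan_directory(root)


if __name__ == "__main__":
    for path, found in demo().items():
        print(path, found)
```

Run it against the real upload directory with `scan_directory("/path/to/wp-content/uploads")`; anything it flags belongs in an encrypted store like the ones described above, not on the web server. The Luhn check is what keeps invoice numbers and phone numbers from showing up as false positives.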
2. Never Use the Same Password for All Your Organization’s Web Accounts
This one goes for your personal accounts too, but you should never use the same password twice, especially on your nonprofit’s web accounts.
Why is Using the Same Password Risky?
Using the same password again and again increases the risk that all of your accounts will become vulnerable, since only one of the websites you use has to be hacked. One of the biggest concerns is that most websites use your email address as your username, which means that if one of the websites you use gets hacked, the attacker would have both the email address and the password you use on multiple websites.
How to Keep Your Passwords Safe and Unique
Most organizations already know they need to use different passwords, but have no idea how they are supposed to remember so many different passwords. The key is a password storage tool. The one I’d recommend is called LastPass and requires you to remember only one master password. Not only is the tool safe, but it will automatically log you into websites and will generate secure passwords for you every time you sign up on a new site. LastPass also allows you to share passwords if someone else on your staff needs access.
3. Never Fail to Back Up Your Website’s Files and Database Regularly
Fine, I admit it. This one does require some action, but it was too important to leave off. Your organization must be backing up your website’s files and database on a regular basis.
Why is Failing to Make Backups Risky?
It’s not likely, but it is possible your website files will be deleted by accident or by an intruder. It’s also possible that your database may become corrupted, and all of your content will become unusable. Your web hosting company may be backing up your website, but it’s absolutely worth checking with them. If not, you could end up losing months or even years of the hard work it took to make your awesome website.
How to Back Up Your Website’s Files and Database Regularly
Setting up backups for your website is usually something that requires the assistance of your hosting company or web design company. If you’re using WordPress, we’d recommend trying out BackupBuddy to back up your website. On Drupal, check out the Backup and Migrate module along with Backup and Migrate Files. Otherwise, check with your hosting company. They’ll almost definitely have a recommended backup tool.
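If your host has no backup tool, or you want to understand what one does, here is what a minimal files-plus-database backup looks like. This is an added example written for this post, not BackupBuddy, Backup and Migrate, or any host’s tool; it assumes your database can be dumped by a command such as `mysqldump` (the `demo()` function substitutes a small Python command that prints SQL so the example runs offline), and the site and backup paths are placeholders.

```python
"""Back up a website's files and a database dump into one timestamped archive,
then prune old archives. Added example for this article; not project code."""
import datetime as dt
import os
import subprocess
import sys
import tarfile
import tempfile


def dump_database(dump_cmd: list, out_path: str) -> str:
    """Run the dump command (e.g. mysqldump) and write its stdout to out_path."""
    with open(out_path, "wb") as f:
        subprocess.run(dump_cmd, stdout=f, check=True)
    return out_path


def make_backup(site_dir: str, dump_cmd: list, backup_dir: str,
                when: dt.datetime = None) -> str:
    """Create backup_dir/site-<UTC stamp>.tar.gz holding files/ and db.sql."""
    when = when or dt.datetime.now(dt.timezone.utc)
    stamp = when.strftime("%Y%m%dT%H%M%SZ")   # sorts chronologically as text
    os.makedirs(backup_dir, exist_ok=True)
    sql_path = dump_database(dump_cmd, os.path.join(backup_dir, f"db-{stamp}.sql"))
    archive = os.path.join(backup_dir, f"site-{stamp}.tar.gz")
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname="files")
        tar.add(sql_path, arcname="db.sql")
    os.remove(sql_path)                        # the dump now lives inside the archive
    return archive


def verify_backup(archive: str) -> bool:
    """A backup you have never opened is a guess; confirm both parts are present."""
    with tarfile.open(archive, "r:gz") as tar:
        names = tar.getnames()
    return "db.sql" in names and any(n.startswith("files/") for n in names)


def prune_backups(backup_dir: str, keep: int = 7) -> list:
    """Delete all but the newest `keep` archives; returns the names removed."""
    archives = sorted(n for n in os.listdir(backup_dir)
                      if n.startswith("site-") and n.endswith(".tar.gz"))
    doomed = archives[:-keep] if keep else archives
    for name in doomed:
        os.remove(os.path.join(backup_dir, name))
    return doomed


def demo() -> dict:
    """Constructed run: a tiny fake site, a stand-in dump command, three daily
    backups at fixed dates, verification, then pruning down to two."""
    work = tempfile.mkdtemp(prefix="backup-demo-")
    site = os.path.join(work, "public_html")          # placeholder site directory
    os.makedirs(site)
    with open(os.path.join(site, "index.html"), "w") as f:
        f.write("<h1>Our nonprofit</h1>\n")
    # Stand-in for ["mysqldump", "--single-transaction", "sitedb"]: prints SQL to stdout.
    fake_dump = [sys.executable, "-c", "print('CREATE TABLE posts (id INT);')"]
    backups = os.path.join(work, "backups")
    base = dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc)
    archives = [make_backup(site, fake_dump, backups, base + dt.timedelta(days=i))
                for i in range(3)]
    verified = all(verify_backup(a) for a in archives)
    removed = prune_backups(backups, keep=2)
    return {"archives": [os.path.basename(a) for a in archives],
            "verified": verified,
            "removed": removed,
            "remaining": sorted(os.listdir(backups))}


if __name__ == "__main__":
    print(demo())
```

In real use you would run `make_backup` from a daily cron job with your actual document root and `mysqldump` command, and then copy the archive somewhere other than the web server itself: a backup that sits on the same host is lost in exactly the disk failure or intrusion it was meant to survive. The `verify_backup` step matters for the same reason; a nightly job that silently produces empty archives is worse than no backup, because you stop worrying.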
4. Never Click Suspicious Comment Links
If your website is getting a ton of comment spam, it usually means you’re doing something right because all those spammers were able to find your website. No matter what it takes though, fight the urge to click those spammy links. They could be disastrous for your computer and others on your network.
Why is Clicking Suspicious Comment Links Risky?
Clicking comment spam links may cause you to end up with a virus or malware that may affect your computer, and possibly others on your network. This could lead to your private information being stolen or publicly shared. I imagine you want nothing to do with a situation like that.
How to Avoid Viruses and Malware from Comment Links
This one is a little obvious, but don’t click the links. If you find yourself struggling to wade through all the comment spam, take a look at adding a CAPTCHA to your comment form or, if you’re on WordPress, using a tool like Akismet.
Now that I’ve gone through my list, is there anything else nonprofits should never do in order to stay safe on the web? Have you ever had issues with security on the web? If so, what did you do to fix it? I’d love to hear your thoughts in the comments.