Security for small nonprofits - DO THIS FIRST

Email Security Education for employees and volunteers

  • Email phishing is possibly the greatest cyber security threat faced by small companies

  • A little training can go a long way in this area

  • Online phishing quizzes can beef up your knowledge and defenses (share with co-workers, friends, and family)

  • KnowBe4 is an inexpensive service that can test your employees on a weekly basis to keep their guard up

    • Prices are per person per year

    • There are lots of good tools like KnowBe4, but that’s the only one I’ve used personally.

Password Management

  • Get yourself a password manager and use it

  • Never share passwords via email, text, or paper

  • Never use a shared account when separate accounts are possible

  • Never use the same password at more than one site/service. A password should only ever be used in one location

  • See our article on password management for more info

Financial Institutions

  • If your financial institution offers multi-factor authentication (also known as 2FA or MFA or 2-factor), set it up and use it!

    • If your financial institution does not offer multi-factor... get a new financial institution

  • DO NOT share account credentials with your board, volunteers, or even co-founders. Each person who needs access to your financial systems (including QuickBooks) needs their own account with their own credentials. Without separate accounts, there is no way to tell who moved money around or paid an invoice.
