Cyber Assaults: How can Charities Defend Themselves?

Nowadays, Internet is considered as one of the most useful tool for everyday living. It does not only provide entertainment, information and income to users but it also serves as an instrument for charitable foundations and non-profit institutions to acquire funds to sustain their goal.

Charitable institutions exist to provide help to those who needs it and because charities have funds and budget they need security for their resources like any other small or big enterprises. Not only should the funds be safeguarded but also the donor’s personal information. An example of non-profitable organization that acknowledges the need for security is TechSoup Global. They express their security considerations for non-government organizations and also provide libraries with professional software, hardware and services for Information Technology activities. Because TechSoup Global is a non-profitable institution, it accepts donations from bigger companies or personalities through Internet programs. The donations are collected through credit cards which necessitate in accordance to Payment Card Industry.

Although many institutions have IT programs the same as TechSoup Global, its security control is minimal. It only uses traditional security defenses, thus allowing private information and data vulnerable to breach.

Besides abiding with Payment Card Industry, manufacturers who donate products to TechSoup Global such as Intuit, Microsoft and Adobe authorized personal data protection and safeguarding. A senior director from Techgoroup Global gave an explanation about what they are currently facing, saying that they are of course obligated to safeguard information of manufacturers, colleagues, employees and clients which is why they are going through every possible procedure to make sure that everyone is secured. He also said that he believes that known manufacturers are now realizing the importance of security, thus making sure that their company is seriously taking appropriate actions.

Lately, TechSoup Global encountered an assault to steal information from their system. Fortunately, the breach was not achieved by the attempters. The main site of the company was down for about two days to find the cause of such susceptibility and to sort out the problem.

What should non-profitable organizations gain from the experience?

Tip 1: Defend and guard the application layer of the program

Charities should always be ready for any assault. Although most institutions have website securities, firewalls and other anti-virus and intrusion programs, they should not be too confident about their safety. Charities must think ahead and never be too assuring of themselves.

Remember, there is no perfect security program. There is no technology that is a hundred percent sufficient to defend a website from breach like SQL injection assaults, cross site scripting and session attacks. Furthermore, perimeter technologies only protects the network layer and not the application layer which means that they are only able to check the HTTP headers and are unable to examine URL and HTML of requests. Therefore, programs like this are incapable of detecting malicious code injection made to steal data. According to Collin, charities should guard their website at every possible level because once a hacker breached into an application layer, there is no stopping them so protecting each and every network layer is important.

To effectively guard an application, a website should facilitate different security programs. First and foremost, it is necessary to assess site vulnerability by conducting penetration tests at least twice a year. This kind of test, also called as pen tests are cheap and effortless. Another security procedure is to scan every product code and of course the implementation of website application firewalls is important.

After the breached attempt at TechSoup Global, they started strengthening their security by acquiring a website application firewall as an addition to their pen tests. The firewall stops an attack and emits alerts to alarm the website’s security personnel. The firewall definitely provides security features and TechSoup Global is now gaining full visibility through the application.

Be aware of the location of your data and the persons who access it

Aside from external assaults, inside attacks is another security problem for websites. An organization should be aware that employees and any member of the website can be a threat. Insider assaults should not be disregarded and data must only be shared to trust-worthy personnel.

Location of data and files must be well protected. Most organizations are being negligent where they place their files. Remember that database that is being tested might contain important data. The complexity of service oriented architecture assimilations can cause problems when searching and guarding information.

Due to the fact that charities depend on volunteers, they must be mindful and sensible where their data lies. It is also important to know all persons who are able to access information from the site. Truth is website audit logs are often turned off because it can cause slower performance and even if it is turned on, some users might still be able to change it.

To protect from insider assaults, charities must acquire a database monitoring program to inspect audit logs independently.

Shift from website to data safeguarding.

Non-profitable institutions must take more appropriate actions on data security rather than safeguarding the website alone. Know the proper and exact tools for protecting their site. Collin said that database and application securities are now changing the way they manage files. Enhanced security protocols make them more at ease. Having protection allows managers and staffs of the company to be comfortable, knowing that there are appropriate procedures applied to safeguard every layer of application.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.