Consumer Alert
Data security applies to charitable organizations, too
This week is Charity Fraud Awareness Week, an effort run by charity regulators, law enforcers, and other non-profit stakeholders from across the world. It’s an opportunity to remind charities and other non-profit organizations of how important it is to secure their networks and protect any consumer data they collect from donors, employees, and others. This will help protect the organization from scammers, hackers, and identity thieves.
If you work at a charity or other non-profit organization, you’ll want to see what’s at ftc.gov/cybersecurity, an FTC website with free practical resources to help any organization implement data security strategies. This week, join others in raising awareness about the importance of maintaining an organizational culture that encourages protecting personal information by sharing the information at ftc.gov/cybersecurity with the rest of your organization’s staff. Having an informed workforce is key when it comes to protecting data. So, for example, implement measures to protect files and devices, such as:
- Keep software up to date and back up your files. Set software to update automatically and create offline backups of important files. That way, you have access to them even if your network is compromised.
- Require multi-factor authentication for employees to access areas of your network with sensitive information. This requires additional steps beyond logging in with a username and password — like a temporary code on a smartphone or a key that’s inserted into a computer.
- Require passwords for all laptops, tablets, and smartphones. Don’t leave these devices unattended in public, even locked in a car. They may have sensitive information that, if they’re stolen, could fall into the hands of an identity thief.
It’s also important to know what to do if something goes wrong. What steps would you take to minimize the damage if you discover that your business email has been hacked? Or if someone took over your system and demanded a ransom? Read more at ftc.gov/cybersecurity, and then share within your organization.
It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.