Proactive Cybersecurity Action for Your Website and CiviCRM April 26, 2022 by Linda Wu Pagano Thinking in: CMS/Websites, CRM/AMS, Strategy Anyone who owns a home finds themselves doing some kind of maintenance. Tuning up the heating & air conditioning, cleaning off the siding, replacing roof tiles that come off in storms, and more. We all know that keeping up with these ongoing tasks helps prevent bigger problems later. It’s exactly the same when it comes to your digital house; your website and CRM. Taking proactive action preventing disruptions to your operations will save you time, keep your systems running, and reduce headaches in the future. It is more important than ever to properly maintain your CiviCRM and website. With ransomware and hacking becoming more commonplace, being proactive is a great way to minimize your risk for bigger problems and disruption to your nonprofit operations. CiviCRM, Drupal, and WordPress are open source tools. They have a core team that watches out for vulnerabilities – security gaps that open your system up to hackers who could hijack it with ransomware – and creates patches/updates for all users. If the updates apply to your system, it’s important to install them. Otherwise, you run the risk of your website and CRM being taken out of commission for hours or even days. The other risk is donor and member information stored in CiviCRM. This is usually more than just names, but also donation history, login information, addresses etc… Taking precautions to prevent that “personally identifiable information” (or “PII”) from falling into the wrong hands is your responsibility. In this way, keeping your system updated helps protect your constituents as well. It’s not just about the big risks, either. Developers are constantly making sure their software is compatible with developing trends, so updates are also sent out to fix bugs and keep things up to date. When you want to make a change or addition to your site or database, staying current on these upgrades will reduce the risk of something breaking in the process. Unfortunately, not all vulnerabilities will be discovered by the core teams. Staying updated reduces your risk, but does not eliminate it. If you do have to deal with a cyberattack, here are a few things to think about ahead of time: Has your Board had a discussion about cybersecurity? If not, now is the time for that. We share some tips on getting that conversation started in our blog post about Nonprofit Leadership’s Role in Cybersecurity. Have you taken these simple steps to Protect Your WordPress Ecosystem?What will you do if your website goes down? Do the appropriate people know how to get it back up or who to call? If you only have one person with this information, what happens when they are on vacation or out for a day?Are your systems backed up? Anytime we install systems for a client, we recommend having your hosting provider set up a regular backup. Do you know if that was done for your system?If you do find yourself with system downtime, what plans do you have in place? Do you have a way to process credit cards manually? Is there a point person for data entry if information needs to be collected by hand? What other processes might you need in place for each system, if you have downtime? In the end, preventative measures minimize the risk of vulnerabilities in your systems and prepare you to take action if something happens. Be proactive by taking time now to schedule maintenance for your nonprofit’s digital home. As always, our Proactive Support services are designed to keep your system up to date. If you would like to know more, send a support email or contact us. More from Our Series on Cybersecurity: Nonprofit Leadership’s Role in CybersecurityProtect Your WordPress EcosystemSalesforce Password Security Practices Share via: Facebook Twitter LinkedIn
