Nonprofit Accounting Basics

Information Security and Privacy (Part 1)

Note: Articles published before January 1, 2017 may be out of date. We are in the process of updating this content.



In the face of increasing risks of cyberattacks and data breaches, associations must take measures to keep their information secure. Here, a primer on a few key software measures and user practices you can adopt to set a solid foundation for information security.

In the past week, you likely have received an email in your inbox that “pretends” to be from your bank, an e-commerce vendor, or another website. This style of technology-based social engineering attempts to obtain confidential information from individuals within an organization with the goal of accessing the organization’s network.

A breach of data is defined as an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record, including debit and credit card information, is potentially put at risk.

We have heard about such successful hacker attempts, including:

  • the South Carolina Department of Revenue in November 2012, where 3.9 million South Carolina tax returns and 387,000 credit and debit card numbers were exposed;
  • Target, in November and December 2013, where credit and debit card information of 40 million customers was compromised;
  • the University of Maryland in February 2014, where 287,580 records were exposed.

As of March 27, 2014, the Identity Theft Resource Center reports 204 data breaches, with 4,238,983 records of confidential information exposed. The financial and reputational costs of these kinds of losses are enormous.

What to Watch For

Two widely used social engineering techniques:

  • Encourage an unsuspecting user to open a malicious email attachment. Attachments can contain malicious programming code that can run on your computer without your knowledge. Backdoor Trojans, which can enable an attacker to control an infected computer and steal confidential information, are a significant and tangible threat to Windows users.
  • Encourage an unsuspecting user to click on a hyperlink within an email. If you click on a hyperlink that opens the page of a malicious website, a file carrying a virus can be sent to your computer. Viruses can make system changes to hide or protect other malicious components.

In either case, the malware will seek ways to either transmit information back to an external location or cause problems on your network.

Support for Windows XP Discontinued

As of April 8, 2014, Microsoft has stopped support for the Windows XP operating system. Your organization may decide to replace all Windows XP hardware or to isolate it by disconnecting it from the internet and the local area network.

Additional security steps are to demote user profiles from administrator to standard user, select a reputable malware removal product (because Microsoft will release only limited updates to Microsoft Security Essentials for Windows XP), and never connect to an unsecured WiFi network, such as the open WiFi in a coffee shop. When you connect to a WiFi network without password authentication, you are vulnerable to malicious software on any computer connected to that network.

To help you move files from an older PC to a newer PC, Microsoft provides free 24/7 telephone support at 1-877-534-9644.

Windows 7 and 8 and Microsoft Office Security Updates

Your Windows 7 and Windows 8 operating systems need to stay up to date with Microsoft updates and security patches in addition to your Microsoft Office program updates. Microsoft Security Essentials can be used with Windows 7 to detect and remove malware. To update Windows 7 and Microsoft Office, click the Start button, click “All Programs,” and then click “Windows Update.” Check for and install important updates.

Windows 8 incorporates features to block online activity, turn on Windows Update automatically, use Windows SmartScreen as a new phishing filter, and use the installed Windows Defender to run in the background and scan for malware. Learn more in “Windows 8: Explore new and improved security features.”

Adobe Acrobat Security Updates

Both Acrobat Reader software and the fully licensed Adobe Acrobat program must be updated regularly. To update any version of Acrobat Reader or Adobe Acrobat, click the “Edit” menu and select “Preferences,” then select the “Updater” category on the left. It is recommended to select “Automatically install updates.”

End User Security Awareness

Each computer user must maintain a security awareness while processing email, opening files, and browsing on the internet. Be a strong link in your security chain by following these guidelines:

  1. Keep your operating system and application software up to date.
  2. Always return to the password lock screen of your computer before walking away.
  3. Always use a lock password on your smartphone. Never store confidential data on a thumb drive.
  4. Never click on an email URL or open an email attachment that is suspicious.

Additional security topics will be covered in parts 2 and 3 in this Information Security and Privacy series.