News & Views

A blog for those interested in what affects, motivates and drives the New York City Nonprofit Sector — written by CRE’s crackerjack consulting team. We hope you use this space to share your thoughts, ask questions and engage in conversations about our city, social justice and the nonprofit sector.

IT Without IT, Part 11: Security, Malware, Viruses, and Scams

By Ero Gray - This is the last post in a continuing series aimed at nonprofit organizations with limited access to IT staff. The advice and opinions here will tend to be most useful to small and startup nonprofits, which often need to make IT decisions and accomplish IT tasks despite not having qualified folks to help. It should be assumed that all suggestions here are my attempt to recommend the simplest/easiest/most effective options for most offices. Your office may be quite different (or it may not even be an office). Also, as I'll frequently note, IT staff are necessary for any organization to function for long.

It should be apparent to anyone who's used a computer once or twice that we live in a golden age for identity thieves, scammers, and electronic frauds. The Internet is full of hoaxes, chain emails convincing you that Bill Gates is a retired Nigerian general with a cookie recipe and a forged birth certificate, and emails selling you personal enhancements at a price you can't afford to miss. News items continually report privacy violations, prominent websites hacked, and virus infections that spread like wildfire. If you want to go about serving your community as a nonprofit, you need to get around all this nonsense, or at least as much of it as possible, and stay non-scammed and safe.

Ultimately the only way to do this is to be thoughtful and careful and know a little about the limits of electronic communication. If you're lucky enough to have some access to IT staff, using them to protect you from your own (or your staff's) poor judgement is sort of a waste of their time (though a common one). If you don't have access to IT staff, then you need to be even more proactive, because a small slip can be extremely difficult to recover from. I'm going to just run through some exhortations here, so forgive me if this week's section just sounds like a rant. (Unhinged rants, of course, being another hazard of the Internet).

  1. Email is inherently insecure. It's the equivalent of sending notes via paper airplane and can be intercepted and read. Assume that things you send by email can and will be read by unfriendly eyes. (OK, that's a paranoid overstatement, but only just barely).
    • Never send a credit card number or social security number or bank account number by email. Don't trust anyone asking you to.
    • Don't open attachments unless you know who they're from, and you have a pretty good idea what they are.
    • Don't forward chain emails, especially if the emails themselves command you to. Don't believe "oh my god did you know..." emails unless you've checked them against Snopes.com. Things that sound like hoaxes usually are.
    • Remember that email addresses can be 'spoofed': an email can appear to come from a reputable source (or even from your own address) though it's actually from a malicious teenager on the other side of the world.
  2. The web, unless it's on a secure site (in the address bar: https://, and a padlock symbol visible, typically in the lower corner), is also inherently not secure.
    • Be careful where you browse. Hover over links so that you can see the address you're going to, before clicking. Don't click blindly.
    • Be aware that even reputable websites frequently serve up viruses and malware, usually via advertisements. Don't think you can't get a virus just because you don't go to sleazy websites. Most virus attacks happen on mainstream sites.
    • Always always always have an antivirus program installed, up-to-date, and working. If you don't have working and up-to-date antivirus software installed, you will get a virus and the results will be unpleasant. (I'll harp more about this below).
    • Be cautious about public web surfing: if you're in an internet cafe or library or airport, don't bank online or use Paypal. Log out of your email promptly.
    • Remember that unsecured wireless networks are a danger to everyone using them. Make sure yours is password-protected and try to avoid using others' unsecured networks.
    • Don't give out your passwords to anyone you wouldn't trust with access to your bank account.
    • If at all possible, use a web browser that's not Internet Explorer. The most popular alternative is Mozilla Firefox. Using it won't make you invulnerable, but it will make you somewhat less vulnerable.
    • Beware of toolbars and add-ons to your browser, especially if they claim to 'speed up' the internet. Don't download smiley-face icons, screensavers, or free games unless you really know what you're doing. These sorts of downloads have viruses the way a subway tunnel has rats.
  3. Always have an antivirus program installed and up-to-date on your computer.
    • If you're not sure if this is true, it's probably not. Take care of this immediately, before you visit another website or do anything.
    • Many of the popular antivirus brands are borderline scams: as discussed in IT Without IT, Part 3: Operating Systems and Basic Software, I prefer the free programs, like Microsoft Security Essentials, which is effective and downloadable at their website. There are several other free and low-cost options available that work extremely well.
    • Keep your antivirus software up-to-date. Usually this happens automatically. But you need to know at all times that your antivirus program is happy and functional, so learn how to tell whether it's up to date or not. (Usually this is easy: the program itself will harass you until you fix whatever's wrong. But be proactive).
    • If you think you may already have a virus, disconnect your computer from the Internet, drop everything, and begin scanning immediately. Virus/malware infections typically start mild and get worse in sort of an exponential growth curve. Early intervention is important.
    • Good antivirus software often prompts you to make a 'rescue disk' or recovery CD when first installed. If you don't have one, and you think you might have a virus, boot into Windows' Safe Mode (instructions here). Scanning from safe mode will be more effective. Scan repeatedly until you're totally, completely, bet-your-life-on-it, sure. Don't expect a quick fix; modern malware often creates several layers of protection around itself to prevent easy removal.
    • There are several useful malware-removal tools that are free and easy to download and use. It's useful to have these handy ahead of time, just in case. Good examples are Malwarebytes Anti-malware and the venerable Spybot AntiSpyware. Getting to know these programs ahead of time can save some grief when bad things start happening. Sometimes it helps to use more than one tool.
  4. Keep Windows itself, as well as other programs, up-to-date. Windows is full of security flaws, and Microsoft is constantly releasing updates to fix them. Unfortunately, the fixes themselves often need fixes. So you want to get updates pretty continually.
    • If you're using Windows XP, set up for automatic updates (later versions of Windows take care of this automatically).
    • Other software needs updates too, though not as frequently. Usually they'll let you know. Adobe software in particular can be a big security problem.
  5. Use a 'limited' account for daily work.
    • It's always much safer to use a limited account for everyday use. Usually when you install Windows you automatically get a default user, and this user has permission to do whatever it wants to your computer. Immediately make a second user account with restricted permissions, and use this one unless you need to add or remove software or do other structural stuff. This makes it much more difficult for bad software to do nasty things to your files. This one step alone will make it much, much less likely that bad things will happen to your computer.
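
Item 1's warning about spoofed sender addresses can be checked against a message's raw headers ("Show original" or "View source" in most mail programs). The following is an added example, not part of the original post; the sample message, domains and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): the visible From claims to be a bank,
# but the bounce and reply addresses belong to a different domain.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Your Bank Support" <support@bank.example.com>
Reply-To: claims@mailer.example.net
To: director@nonprofit.example.org
Subject: Urgent: confirm your account number

Please reply with your account number.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_warnings(raw):
    """List the signs that the visible From address may not be the real sender."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain(msg["From"])
    # Replies and bounces going to another domain than the one shown in From.
    for header in ("Return-Path", "Reply-To"):
        other = domain(msg[header])
        if other and other != from_dom:
            warnings.append(f"{header} domain {other} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving mail server for SPF, DKIM and DMARC.
    results = msg.get("Authentication-Results", "")
    for check in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{check}=(\w+)", results)
        verdict = found.group(1).lower() if found else "missing"
        if verdict != "pass":
            warnings.append(f"{check} result is {verdict}")
    return warnings

if __name__ == "__main__":
    for warning in spoof_warnings(SAMPLE):
        print("WARNING:", warning)
```

A mismatch is a signal, not proof: legitimate mailing-list services often use their own Return-Path domain. Only trust an Authentication-Results header added by your own mail provider, since a sender can forge one too.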

That pretty much covers it. Basically, use caution and common sense. The internet is a fabulous wonderland; but it's also a wilderness, and the world's largest and richest city. Muggers and pickpockets abound. Keep your wallet in your front pocket and be cautious about dealings with strangers.


Links to previous posts in this series:

IT Without IT, Part 1: Introduction
 
IT Without IT, Part 2: Choosing and Acquiring Computers


IT Without IT, Part 3: Operating Systems and Office Software


IT Without IT, Part 4: Antivirus Software

 
IT Without IT, Part 5: Simple Networking


IT Without IT, Part 6: Email and Websites

 
IT Without IT, Part 7: Email, continued

 
IT Without IT, Part 8: Document Sharing and Collaboration


IT Without IT, Part 9: Backups



