Cyberattacks in lucrative sectors, such as retail, banking, and healthcare, unfortunately aren’t as shocking anymore. If you thought non-profit organizations weren’t as appealing to hackers, you’d be surprised. Non-profits are considered a low-risk, high-benefit target for attackers, both because of the generally lower level of data security protections in place compared to other sectors and because of the nature of the data handled.
The supporter and volunteer databases you have worked so hard to grow, and the donor lists that you have carefully nurtured, all contain sensitive personally identifiable information (also referred to as PII – you may have heard the term) such as name, email address, phone number or address that can be exploited by hackers if breached. Without appropriate security measures in place, hackers can also gain access to your software tools and manipulate your campaigns to spread false information or even disrupt your organization’s operations.
Now this doesn’t mean you have to build a software security fortress, but there are important and accessible measures you can take to ensure that only authorized individuals can access your systems, especially when dealing with your subscribers’ personal data. One easy step to greater security? Multi-Factor Authentication, or MFA.
What is MFA?
Multi-Factor Authentication is a security mechanism that ensures the person trying to access a platform is actually who they claim to be. It adds an additional layer of security by requiring the user to provide more than one method of verification to prove their identity. The evidence could include the following:
- Something they know – a username and password to log in to the platform.
- Something they have – a one-time code sent to a smartphone or an email account they can access.
- Something they are – biometrics like facial or fingerprint recognition (just like your trusty iPhone).
This way, even if a hacker manages to find a user’s password, they will still need access to the physical device to successfully log into the platform, thus stopping them in their tracks at the last step.
You’ve likely already used multi-factor authentication with other software or online accounts, like your bank account or when you’ve forgotten your password to log into your favorite food ordering app. MFA is becoming increasingly commonplace because it is both easy for the user (you) to adopt, and easy for organizations to set up within the software and accounts that their employees use.
Implementing MFA for non-profits is essential to protect private information and ensure the security of your communications. Alongside protecting organizations from cyberattacks and helping fulfil compliance requirements, MFA can also help build trust with donors and other stakeholders by showing a commitment to responsible data usage. The non-profit industry has unfortunately been burned in the past by misuse of supporter data, and this is another step to ensure that individuals feel comfortable sharing their data and engaging with your cause.
Why should you consider implementing MFA?
- Improved security: MFA adds an extra layer of security to protect against unauthorized access to private information. This is especially important for non-profit organizations that deal with sensitive data, such as donor information or personal data of volunteers.
- Protection from data theft: With MFA in place, the risk of data breaches and cyber-attacks is significantly reduced. Even if a hacker manages to obtain a password, they will still need access to the second factor (such as a security token or biometric verification) to gain access.
- Compliance with privacy regulations: Many non-profit organizations are subject to various data protection regulations, including the California Consumer Privacy Act (CCPA) and several other state regulations. Implementing MFA can help organizations comply with these regulations by providing an additional layer of security.
- Economical: MFA solutions are often built into the software you use for free (like Mobile Commons!). However, your organization can also add a separate MFA solution; these are relatively inexpensive and easy to implement, making them a cost-effective way to enhance your security posture.
- Build trust: Advocacy and non-profit organizations rely heavily on trust from their donors, partners, and supporters. By implementing MFA, they can demonstrate their commitment to protecting sensitive information, which can help build back trust.
Ready to activate multi-factor authentication within Mobile Commons?
Mobile Commons supports MFA via both email and SMS. After turning on MFA, your users will log in using their username and password along with a 6-digit one-time code sent to them via SMS or email.
You can find the MFA settings by going to “Configure Company” in the Mobile Commons dashboard. From there you have a few easy steps to select MFA via email or SMS. Learn more about how to set up MFA in the Mobile Commons Community.