Your nonprofit computer systems can be a target of attack
09:02, 2 July 2009
Post your comments using your Google, Yahoo, AIM or OpenID account.
Nonprofits probably have much more to fear from onsite staff or volunteers stealing computer information, installing malware, or committing onsite sabotage than from online culprits, but the reality is that, indeed, many nonprofits have found themselves on the receiving end of online attacks. Some of these online attacks are attempts to steal client information and other confidential information. But most (at least from my experience) are attempts to prevent anyone from accessing the organization's online information, or to take over the organization's web site and post inappropriate, inaccurate information.An organization called Perverted Justice reported on its MySpace blog today about the arrest of a man who not only was harassing and threatening its volunteers online, but also set up a bot-net to conduct distributed denial of service attacks against the organization. From the blog: "Traffic ranged from 216 gigabytes a day and sometimes went up as far as over 1 terabyte in generated traffic over a 24-hour period, depending on the size of the bot-net infections. At any time there may be between 100-200 requests to surges of over 10,000 different requesters at a given time. We block usually on average 500-2,000 ip addresses making requests from the bot-net daily."
Also today, NABUUR, a nonprofit organization that involves online volunteers, posted to LinkedIn with a plea for help -- NABUUR is currently under attack of a spammer who spoofed his IP address and they need to know how to block this person.
All of the UN agencies I've worked with, as well as an Afghan government agency, were under constant attack from malicious computer users. I had frequent conversations with the IT staff at such about how often these attacks occurred. Large, well-known organizations seem to be of particular interest to such computer users.
If you are a nonprofit that is lucky enough to have an IT staff, sit down with this person or staff members and ask if your organization has ever been the target of a malicious computer user, and what systems are in place to prevent and to respond to denial-of-service attacks, attempts to install malware on your agency's computers, and attempts to take over your organization's web site.
If your organization does not have an IT staff, consider recruiting a volunteer to help you with a prevention and a response plan. Here are tips on finding a network computer consultant, which includes tips on interviewing/screening. You will want to get the volunteer's full credentials -- real name and references, maybe even a criminal background check -- to make sure this person is the right person for this very sensitive job.
It's sad that nonprofit organizations have to deal with this issue, in addition to a frightening economic climate and their day-to-day operations.
