|
Online Data Security: It`s time to Act Before Our Sector Gets Burned
There is one threat that can derail the steady growth in online fundraising: a loss of donor confidence in online transactions. The three stories below, published in the Washington Post over the span of two days, indicate a growing reality that data stored in computers is not safe. While neither report directly involves data stored at online nonprofits or even retailers, both stories add fuel to the fire that data stored in computers is not very safe. The first story deals with the ChoicePoint scandal, where more than 100,000 credit files were sold to identity thieves posing as legitimate financial establishments. According to the Post, "ChoicePoint Inc. electronically delivered thousands of reports containing names, addresses, Social Security numbers, financial information and other details to people in the Los Angeles area posing as officials in legitimate debt collection, insurance and check-cashing businesses. "Authorities said the number of records involved may go higher as the investigation continues. 'This is way far more reaching,' Los Angeles Sheriff's Department Lt. Robert Costa, commander of an identity theft unit. 'I believe that when we're done it will be more than a half million nationally. It's huge.'" The second article deals with a government report that many of its own sites "received flunking grades for their cyber-security efforts in 2004, with the federal government at large earning an overall grade of "D-plus" from a key congressional oversight committee." Agencies were graded on how well they met the requirements of the Federal Information Security Management Act (FISMA), according to the Post. Committee Chairman Tom Davis (R-Va.) is quoted as saying "I hope it won't take some kind of major cyber-attack to wake everybody up." The third article deals with deliberate hacks into online databases of companies and individuals. The most disturbing comment is at the end of the article, when a former security chief at Microsoft Corp. and eBay Inc. said "We're seeing the bad guys moving down the food-chain," hitting small businesses and credit unions." Apparently, as larger companies are beefing up their online data security, hackers are targeting less protected firms. The article in the post describes organized data hacking criminal enterprises, not just bored teenage engineering nerds. Ralph Basham, Director of the U.S. Secret Service, said, "There is no longer any doubt about that threat ... With just a few key strokes, (online fraudsters) can disrupt our nation's economy." According to the Post, "Security analysts have warned that Internet hackers, once motivated by the thrill of shutting down computer systems, are joining forces with organized crime groups as they seek to profit from hacking into databases and stealing personal data through a variety of tactics, like phishing. Phishing scams fool users into entering sensitive information on Web pages that look legitimate." Director Basham said several law enforcement agencies in the United States and overseas recently disrupted an online organized crime ring that spanned eight U.S. states and six countries. Thirty people have been arrested so far in that case. Your nonprofit needs to beef up its data security now. The damage done by online fraud would extend to the entire industry, not just your organization. Confidence in online transactions is what allowed the tremendous outpouring of funds in the immediate response to the Bay of Bengal tsunami disaster. We can't let a few highly publicized scandals involving nonprofit data retard the growth of online fundraising. March 2005 | ||
