I’ve just visited more than 100 nonprofit websites, checking links to update a major resource list that helps those
organizations to get more public attention and support. But 3% of those
nonprofit websites just got crossed off the list. They’ve been hacked. The sites are infected with malicious software. And the nonprofits don't even know it.
Depending on the nature of the infection, simply viewing a hacked website has the potential to infect a visitor’s computer
with malware — and that's a visitor relationship disaster that any nonprofit
organization will find it mighty hard to recover from!
What’s a nice Nonprofit org like you doing with malware on your website?
Sadly, it’s a fair bet that the nonprofits involved have no idea
their site security has been compromised. After all, if you think about
a typical busy week in a small, busy, understaffed nonprofit office:
- How often do you visit your own website?
- How often do you search for your website in the search engines and
click through from a search result, instead of typing the URL straight
into your browser?
- How often do you scrutinize your website analytics? And I’m not talking about
a quick peek at the traffic trends here, but an indepth look for
unusual patterns in your stats. In some cases, only a couple of pages on a
site may be infected, in which case you may see a sudden drop in traffic to those
pages; or you may find that your login page has been getting hits from
an unauthorized source; or... anything out of the ordinary will bear a close look.
Not all browsers will detect all infections, and not all of your
website visitors will be reliable about installing anti-virus and
anti-malware software on their computers and keeping it up to date. As a website publisher,
your organization has an obligation to try to keep your site safe for visitors, and it only makes good practical sense, too.
You know how fast a
piece of bad news
— like “That nonprofit site gave me a virus!”
— can spread
online!
Quick Free Website Security Checks
There are a couple of things you can do to make sure your website is
safe for visitors to access. To begin with — and this takes only a
quick minute — check to see what anti-virus and anti-malware software
providers have to say about your site.
Both sites will give simple clear information about the status of
your website, no special technical knowledge required and almost no techie
talk to decode. The green icon means OK, your site has tested safe. The red X icon
means you've got trouble. Simple as that.
Keep It Clean!
If your website is clean and free of security threats, let’s keep it that way:
- Make your passwords hard to guess, keep them private and secure, and change them frequently.
- Give volunteers and members only the site / administration
privileges that they absolutely positively need to have in order use
your website.
Assuming that your passwords are kept secure, the biggest security
risk for a website owner will normally be running a site on outdated or vulnerable software.
Remember, if you’re self-hosting your website (and/or blog, and/or
discussion forum), it’s vital to keep your website software up-to-date
with the latest version. That includes all security patches and the
latest version of any plugins or add-ons you’re using — install those
updates as promptly as possible whenever a new version is released.
And it should go without saying, install only those third-party widgets
and plugins in whose author you have full confidence.
Does all that website housekeeping sound like a major hassle?
Sure it does.
But we’re living in a time when more and more
personal, valuable information is kept on our computers or in the
cloud — and anyone can buy a nasty password-stealing malware script on the Internet for $25. Just think about it.
And while you do that, I’ll be trying to track down contact info for some small nonprofits who have no idea their websites have been hacked!
