Half the battle in online security is knowledge. Do you know how online security and RaiseDonors work together to protect you?
At RaiseDonors, we’re committed to keeping you and your donors safe online.
Even if nothing bad has happened to you yet – the risks are high and the threat is very real.
Whenever you put the worldwide web and money together, you’ve got the potential for problems.
If a donor or your organization becomes the victim of a cyber attack or identity theft, it can quickly ruin the trust your donors have in you.
One of the biggest security threats is nonprofit users who are simply unaware of how online security works.
Sometimes they’ll turn off security features for convenience sake not knowing how dangerous that is! Sometimes they’ll go long periods of time without updating their software.
That’s why we bake security features right into RaiseDonors. So you have to think very little about online security.
But that doesn’t mean you shouldn’t think about it at all!
Here’s an overview of how online security works whenever you browse the Internet, check emails, or watch cat videos online.
Please understand that this is not a comprehensive article of all things related to online security. And I can’t make any promises that after reading this post you’ll be invulnerable to online attacks.
But after reading this article, you should be more aware of what we and others are doing to help you stay safe online with every transaction.
General Online Security
When the creators of the Internet started to understand just how big the Internet was, they started to get serious about security.
And they came up with some pretty impressive solutions to keep the general Internet surfing population safe.
HTTP and HTTPS
You’ve probably seen “HTTP” and “HTTPS” in web addresses for years. HTTP stands for hypertext transfer protocol, and HTTPS stands for hypertext transfer with TLS encryption.
You’ll normally see HTTP and HTTPS in front of web addresses like http://raisedonors.com or https://raisedonors.com.
Clear as mud, right?
Actually, HTTP is pretty easy to understand.
HTTP is kind of like a language that was invented to allow computers to “talk” and interact with each other over a network.
This isn’t really a security feature, but it standardized how the Internet would work for every computer and web browser in the world. For more information on the basics of HTTP, here’s a great YouTube video:
TLS and SSL
So since HTTP is just a set of rules of how web browsers ask for and receive information over the Internet, it doesn’t do much of anything to keep anyone safe from hackers or identity thieves.
With HTTP, information is sent across the Internet as understandable and clear data. If anyone were to intercept it, they would have no trouble knowing what it is or how to use it.
Therefore Netscape invented SSL, the Secure Sockets Layer, in the nineties as a “layer” of protection placed on top of the HTTP language.
With SSL, browsers encrypt information before sending it across the web. If anyone were to intercept your data, they wouldn’t be able to do much about it without the proper SSL certificate needed to unlock the encryption.
Today, SSL has become TLS, or Transport Layer Security. The principle is the same, but the branding has changed with the times.
Basically, encrypted packets of data are sent across the web like locked packages.
TLS certificates are the keys that unlock the packages when they arrive at their destination.
Using SSL/TLS security technology used to be optional, but more and more web browsers are making it difficult to go without using TLS.
For example, Chrome and other web browsers now alert web users to every website that doesn’t use a TLS certificate.
This lifts the security level for everyone as users now know up front which sites are secure and which ones aren’t.
HTTP and HTTP are a part of what Internet engineers have done to make using the Internet a little more safe for everyone.
Beyond this, there is another type of security that you need to be on top of: endpoint security.
Really, this is a fancy term for how secure your computer or mobile device is.
In Internet security language, the “endpoint” is whatever device someone uses to access and transmit information on the Internet.
Since the entire Internet is made up of endpoints connected to each other, the more secure you make your computer or device, and the more secure others make their devices, the more secure the entire Internet will be.
Viruses, Worms, and Trojan Horses
One of the first concerns of endpoint security is keeping your computer or device free of unwanted programs that take over its functionality.
A virus is a program that “when executed, replicates itself by modifying other computer programs and inserting its own code.”
A worm is like a virus in that it replicates itself. But unlike a virus, worms try to spread themselves to other computers on the network.
Trojan horses come in various forms, but one of the most dangerous is when the unwanted program allows someone to control or access your device undetected. Like the mythical Trojan horse, someone was inside the program waiting to ransack your computer.
For these threats, one of the best things to do is install a reputable computer anti-virus program.
Another way to protect your device is to update your operating system and other applications regularly.
Software companies are constantly working to keep their products up-to-date with the latest security features, but if you don’t update your device and the applications you use, you won’t benefit from the security updates and patches.
At RaiseDonors, we are constantly updating our software in the background. We perform all maintenance and security patches so that you always have the most up-to-date, secure version of RaiseDonors.
This threat is a growing problem. Phishing is when a malicious entity tries to get you to send them sensitive information by posing as a trustworthy site.
Sometimes malicious users will send you an email that looks like it’s from your bank, or the IRS, or from some other government agency.
Other times, you’ll land on a website with a form for you to fill out with your credit card information to buy a product or give a donation.
There are many ways malicious users can use phishing techniques to get you to give them your sensitive information, but here are some rules of thumb:
When in doubt, don’t click, open, or download.
If you’re not absolutely, 100% sure that the link you’re clicking on is from who it says it’s from, don’t click it!
When in doubt, reach out to your friend, bank, or government agency to make sure that what you’re looking at online or in your inbox is secure.
Most often, these institutions have policies where they never ask you for sensitive information online. So, if you’re being solicited for information, it’s probably a phishing attack.
Check the web address.
One of the simplest ways to avoid falling prey to a phishing attack is to check the web address. Does it come from a domain that you recognize?
Is the web address somehow altered or mispelled?
Is there a weird subdomain in front of the domain?
If the web address smells fishy, it’s probably a phishing attack.
Check for HTTPS.
One of the reasons TLS certificates are such a great thing is that it’s easier than ever to know who’s real and who’s fake.
Look in the web address bar on every site and make sure they are a secure site.
Raising Security with RaiseDonors
Of course, there’s so much more to be said about Internet security. But at least this is a brief introduction to the subject.
Knowledge is power. The more you know, the safer you and your donors are!
We take online security very seriously at RaiseDonors.
There’s a lot that goes on in the background, so I’ll write later about the numerous ways we strive to keep you and your donor’s safe.