Until a few years ago, many people had never even heard the term artificial intelligence (AI). However, technology evolves at the speed of light, and AI is now in most people’s everyday vocabulary. As such, many non-profits are now exploring how AI can help improve their operations and outcomes. It is important, though, to protect your non-profit from new technology risks. The rapid pace of AI and its potential risk can be intimidating, but there are relatively inexpensive ways to stay safe while still enjoying the benefits and advantages AI provides.
Controls That Mitigate Threats
Some tech solutions may already reduce your non-profit’s risk. For example, cloud-based accounting software generally includes built-in controls. The software can also help you automatically track grant spending in real time so you can quickly remedy any mix-ups and avoid issues with your grantors.
More recently, advancements in AI are taking technological assistance to a new level. On the downside, AI has enabled bad actors to launch more cyberattacks against organizations. But on the plus side, AI has introduced new tools that can help organizations more quickly preempt or detect suspicious activity. In particular, AI and automation are making it easier to cost-effectively crunch massive amounts of data to identify anomalies and stop fraud.
Up Your Game
Many of your employees may work remotely, at least some of the time. And even if they don’t, most workers now access at least one of their employers’ networks via multiple devices. This provides hackers with greater “cyberattack surfaces” or points of entry. So, if your non-profit still uses passwords only — or even passwords plus multifactor authentication — to limit access to your network, consider adopting stronger defenses.
Role-based controls restrict access to systems or data to only those whose jobs require it. For example, only accounting staff (and certain executives) can access all financial data. Role-based controls offer different levels of access. “Just-in-time” provides users with access only when they need it and only for a limited period. Similarly, “just enough” applies the principle of “least privilege,” giving users access to only the information they need. “Microsegmentation” divides a network into discrete segments, each with its own access requirements.
Finally, “zero trust” approaches access for every user, device, and connection on a per-request basis, whether inside or outside the network. Users must undergo repeated authentication. For each request, the system considers the user’s identity, location, and device, along with the classification of the data sought, before granting access.
Resources Are Available
If your non-profit has in-house IT support, discuss these issues with IT staffers to determine the next best steps. You may also be able to tap the expertise of board members or trusted volunteers with technology backgrounds. In addition, we can help you analyze tech costs and assist you in implementing and improving internal controls. Contact us for more information on how to protect your non-profit from new technology risks.
