3. Housekeeping
We will share the slides and recording of this session with you via
email later today.
Dial in audio access: +1 669 900 6833
Any questions we are not able to answer live or in the Q&A will
be addressed after the session via a follow-up.
If you need further assistance, please reach out to
support@bloomerang.com. Our support team is amazing!
5. Katie Gaston
Katie joined the Bloomerang Team after more
than 13 years supporting the growth of various
software organizations. She lives in Boise, Idaho
with her two cats, two dogs, and loving
husband. She is passionate about giving back
and currently serves as a Warhawk Wing Girl
for an organization celebrating veterans.
Sr. Product Marketing Manager
6. Seth Steward
Seth is the Sr. Director of IT for Bloomerang
and joined the team in March of 2021. His
passions are simplifying complex tasks and
leaving things better than he found them. He is
a proud papa to humans as well as an
adorable mutt (Go Roo!). His favorite causes are
PAWS Chicago and the local Humane Society.
Sr. Director of IT
10. 1) The average cost of a cyber security
attack for an SMB is $25K (but can
be much higher).
2) In 2021, more than 50% of NGOs
reported being targeted by a
cyberattack.
3) 27% of nonprofits worldwide have
experienced a cyber security
attack.
4) The average length of disruption
(inability to do business) is 21 days
following a ransomware attack.
5) Hackers attack every 39 seconds,
on average 2,244 times a day.
Why this matters:
The risk
12. 1) Reputation harm / loss
2) Precious funds to recover data
3) Identity theft
4) Disruption in ability to carry out
business as usual
5) Exposing sensitive data on
donors and stakeholders
6) Placing the organization under scrutiny
due to security vulnerabilities
7) Spreading politically motivated
messages
Why this matters:
The damage
13. The Attack: Targeted Code
The Damage: Personal information
for >500K people
The Cost: Reputational Damage
Attack Study:
International
Committee of
Red Cross
14. The Attack: Held data hostage
requesting $43K
The Damage: Released sensitive
information of cancer patients
online; lost all of organizational
data
The Cost: Reputational damage,
significant staff time
Attack Study:
Cancer Services of
East Central Indiana
- Little Red Door
15. The Attack: Auth attack that racked
up ~$6K in credit card fees.
The Damage: Stripe initially
requested payment, then backed
down once the media got involved.
The Cost: Staff time, stress, and
potentially lost funds
Attack Study:
Queens Together
16. 1) More than 70% of nonprofits have not
run even one vulnerability assessment
to evaluate their potential risk exposure.
2) 59% of nonprofits do not provide any
cybersecurity training to staff on a
regular basis.
3) Only 20% of nonprofits have a policy in
place to address cyberattacks.
4) 22% of charities have cyber security
insurance as part of a wider insurance
policy; 5% have a specific cyber
security insurance policy.
5) 64% of charities report staff /
volunteers regularly use their own
devices.
Why this matters:
Current state
18. 1. Encrypt your data
2. Lock your computer when
you step away
3. Keep your computer
updated
4. Use the cloud to back up &
store data
5. Use Endpoint Protection
software
1. Computer
Housekeeping
19. 2. Use a
Password
Manager +
enable MFA
1. What is a Password Manager?
2. Why use a Password
Manager?
3. What is MFA?
21. 4. Use a chat
platform as
your main
form of
internal
communication
1. Harder to impersonate
2. Reduced exposure to spam
and malware
3. End-to-end encryption
22. 5. Build an
Incident
Response
Plan
1. Define scenarios
a. Unintentional deletion
b. Intentional deletion
c. Ransomware
d. Data Compromise
2. Choose who will run point in each scenario
3. Document how each scenario might be
responded to
24. 1) Fraud Protection (Free)
2) Update Expired Cards
3) PCI-Certified
4) Award winning support
5) 6+ Payment Types
Sign up for
Bloomerang
Payments
25. 1) Keep Donor Data Secure
2) Grant access to stakeholders
3) Details
a) Admin
i) Full system access
b) Standard
i) Access to specific
areas
ii) View-only access to
transactions,
constituents, reports
iii) Restricted access to
giving info (coming
soon)
User Permissions
26. 1) Bloomerang sends users an
additional code to their
authenticated email during
login.
2) Enter code to access
database.
Bloomerang:
Enable 2-Factor
Authentication
27. Enable Captcha
1) Sign up for Google
reCAPTCHA (v3).
2) Add Site Key and Secret Key
to Bloomerang.
3) Enable for Transaction Forms
& Interaction Forms
Bonus: Rate Limit Transactions!
28. 1) Secure websites: Code snippet
2) Unsecure: We’ll host on your
behalf (with CAPTCHA)
How to check if a website is secure?
1) Chrome: Look for the lock
2) Should read HTTPS
3) Most websites come secure if
built recently
3) Automatically includes CAPTCHA
Secure Forms
Hosting
29. ● Hosted on world-class
infrastructure providers:
Amazon Web Services (AWS)
and Google Cloud Platform
(GCP).
● Anti-malware, mobile device
management deployed.
● Data is encrypted in transit
and at-rest.
Database
31. Resources
Knowledgebase
Host Forms Securely
How does Bloomerang store data? FAQ
How Secure Is the Donation Form?
Prevent Fraudulent Transactions
ReCAPTCHA - Sign Up and Increase Form Security
Tech Tip:
Password Manager Suggestions:
2. Free Options
1. NordPass
2. Dashlane
3. Bitwarden
4. KeePass
3. Paid Options
1. 1Password
32. Thank you for attending!
Visit our website to see more upcoming
Bloomerang Academy webinars!