In December, Children’s Home of Cincinnati, Answers in Genesis and Barnes Dennig hosted a Round Table covering the IT and fraud risks nonprofits face in today’s progressive business world. We discussed cybercrime and related risks with three leaders protecting the nonprofit sector in Cincinnati: Kevin Rinn, IT Director at the Children’s Home of Cincinnati (CHOC); Ron Eubel, CIO at Answers in Genesis; and Chad Martin, Certified Fraud Examiner at Barnes Dennig.
Nonprofit IT & Fraud Roundtable
We started with a recap of data security incidents in the news recently, including espionage from foreign regimes, especially China and North Korea. We also discussed the passion that nonprofit missions can generate, which can unfortunately upset those with different world views, and accounts that are sometimes attacked “just for fun,” such as celebrity targets and social media accounts. The Cincinnati nonprofit sector was not immune to these influences, with the recent hack of the Cincinnati Zoo’s Facebook page a prime example. It was co-opted for almost 24 hours by someone driving traffic to for-profit websites. Robert Ramsay, moderator, concluded the introduction with an overview of cloud computing and the implications for cost savings and security concerns.
Kevin Rinn next led a discussion of the steps organizations take to comply with HIPAA, the Health Insurance Portability and Accountability Act. Although not every organization must comply with HIPAA (it applies to those managing individual health information, such as doctors and hospitals), it provides a framework for protecting important information.
Kevin pointed out that complying with HIPAA is different for every organization, but it begins with a risk assessment process. This process includes identifying all the places health information could reside and understanding how each of them is secured. He noted that this includes all the servers, desktops, laptops, backup drives, thumb drives and even paper copies maintained by the organization. He noted that this same process is the first step in protecting any kind of information. For example, he also led the effort for CHOC to protect credit card data, which is governed by a different set of standards called PCI-DSS (Payment Card Industry – Data Security Standards).
Ron Eubel discussed the fact that Answers in Genesis (managers of the Creation Museum and many related mission-based websites and periodicals) originally attempted to design their own software and quickly learned that a key to achieving compliance is to rely on shared services. Cloud-based software spreads the cost of security among all participating organizations, another benefit of the “sharing economy.” He also noted that their mission makes them a target, and that they monitor online threats using IDS and IPS (Intrusion Detection Systems and Intrusion Prevention Systems), which have evolved from basic firewalls into smart systems defending websites and networks from potential cyber criminals and viruses.
The round table presentations concluded with Chad Martin describing incidents of fraud perpetrated on nonprofits. He pointed out that basic segregation of duties can be helped or hindered depending on how access security is managed. Some computer systems restrict employees to specific roles, preventing a single person from accidentally or intentionally taking money or “cooking the books.” Other systems enable one person to make many changes and cover their tracks. He noted that diligence is required for management to own internal control and to design policies and procedures appropriately.
The event concluded with a lively question-and-answer session discussing viruses, new technologies such as Apple Pay, and steps to take to thwart hackers. Barnes Dennig offers a number of IT-related services to help protect your company from internal and external threats. Reach out to a Barnes Dennig representative today to learn more about how your company could benefit from IT controls and audits.