Skip to main content

Watch our latest video: "2Q2023 Market Review and Outlook for 2023"

I Stock 1058694620 KAM cybersecurity blog USE

3 Areas of Cybersecurity Risk Pose Concern for Today’s Nonprofits

Photo of author, Kathleen McDermott.
Kathleen McDermott
Business Development Manager and Director of Nonprofit Advisory Services

Cybersecurity is a hot topic these days and news headlines about cyber attacks and hackers are quite common. In fact, a study by Community IT , a technology security company solely dedicated to servicing nonprofits, released statistics around nonprofit cybersecurity that reveal two truths: (1) the frequency of cyber incidents is increasing and (2) nonprofits often lack proper cybersecurity protocols.

Have you considered how a data breach could impact your nonprofit organization?

Of course, there are countless areas of risk. But we draw your attention to three major areas that would have a significant long-term, negative impact on your organization’s reputation and donor confidence should they ever be compromised:

  1. Donor Data: A data breach could give access to private donor contact information, donor preferences, and even donor birthdates. These lists could then be sold on the black market.
  2. E-commerce: More and more organizations are implementing systems for e-commerce, event ticketing, online auction bidding, and online giving, which leaves an organization vulnerable to hacking.
  3. Employee and Volunteer Personally Identifiable Information (or PII): This includes confidential data, such as social security numbers, driver’s license numbers, and health insurance information.

Breaching of this data can occur through third party attacks, malicious insider activity, or through negligence. Further research by Community IT reveals some staggering statistics:

  • 56% of nonprofits don’t require multi-factor authentication (MFA) to log into online accounts.
  • More than 70% of nonprofits have not run even one vulnerability assessment to evaluate their potential risk exposure.
  • Only 20% of nonprofits have a policy in place to address cyberattacks.

So, what steps can your organization take to be more ‘cyber secure’?

  1. Implement multi-factor authentication (MFA), which is an extra layer of security that combines standard log-in information with a unique code sent to another device such as a smartphone.
  2. Deploy a focused, consistent, and measurable Security Awareness Training program for any network users/employees. Empower and educate your team to be “human firewalls”.
  3. Create an Incident Response plan and a Disaster Recovery policy. Such policies go a long way toward ensuring potential cybersecurity risks are identified, planned for, and appropriate responses will mitigate damage. A plan can also help improve response times.
  4. Encrypt and secure your systems with anti-virus and anti-malware software and consider using a firewall. Incorporate “Threat Hunting” and other pro-active tools into your security approach.
  5. Ensure your security software is kept up to date and make sure you are using the latest versions of your databases and e-commerce products.
  6. Control who has access to your databases and require complex passwords.
  7. If users access databases from their smart devices, require security precautions such as auto-lock and passwords on these devices.
  8. Work with your insurance provider to evaluate your Cybersecurity Policy and develop a plan to add resources in areas of need.
  9. Consider an annual IT Security Assessment and plan/budget accordingly to reduce exposure and close gaps.

Consideration of the above can certainly get you started, but it might be a worthwhile investment to consult with a professional IT company for questions and concerns.

For more information on cybersecurity practices, check out these two additional resources:

Related Insights
I Stock 1204150840 cop JAE Blog banner

SECURE Act 2.0’s Enhancements for the Charitably Minded

Chatter abounds in the world of finance law since the Setting Every Community Up for Retirement Enhancement (SECURE) Act 2.0 became law on December 29, 2022. Built upon the work that was started in the original SECURE Act of 2019, the sequel creates further enhancements that impact how individuals and families may prepare for the lives they envision in retirement, as well as how they navigate that dream once it is achieved.

Among the enhancements introduced in the bill are additional benefits for those retirees who are engaged in giving back to their communities through charitable gifts. Here are some new considerations that may help you increase the impact of your charitable donations.

Read More
I Stock 1283279349 JJB IPS blog USE

Nonprofits: How to Get Ready to Invest with an IPS

Every nonprofit organization knows that having more available resources equates to having a greater community impact. Thriving organizations usually empower a finance committee to act as their fiduciary and invest their excess funds. What's the best tool to help them achieve their goals? Learn how a strong Investment Policy Statement (IPS) will prepare your nonprofit for investment success.

Read More
I Stock 1368219212 KAM Endowment blog

Endowments 101: Three Most Common Endowments and How Nonprofits Use Them

The term “endowment” is often used loosely and in reference to an organization's investable assets. However, there are distinct differences among endowments depending on their purpose and use. Learn more.

Read More