3 Areas of Cybersecurity Risk Pose Concern for Today’s Nonprofits

Kathleen McDermott
Business Development Manager and Director of Nonprofit Advisory Services

Cybersecurity is a hot topic these days, and news headlines about cyberattacks and hackers are quite common. In fact, a study by Community IT, a technology security company solely dedicated to servicing nonprofits, released statistics around nonprofit cybersecurity that reveal two truths: (1) the frequency of cyber incidents is increasing and (2) nonprofits often lack proper cybersecurity protocols.

Have you considered how a data breach could impact your nonprofit organization?

Of course, there are countless areas of risk. But we draw your attention to three major areas that would have a significant long-term, negative impact on your organization’s reputation and donor confidence should they ever be compromised:

  1. Donor Data: A data breach could give access to private donor contact information, donor preferences, and even donor birthdates. These lists could then be sold on the black market.
  2. E-commerce: More and more organizations are implementing systems for e-commerce, event ticketing, online auction bidding, and online giving, which leaves an organization vulnerable to hacking.
  3. Employee and Volunteer Personally Identifiable Information (or PII): This includes confidential data, such as social security numbers, driver’s license numbers, and health insurance information.

Breaches of this data can occur through third-party attacks, malicious insider activity, or negligence. Further research by Community IT reveals some staggering statistics:

  • 56% of nonprofits don’t require multi-factor authentication (MFA) to log into online accounts.
  • More than 70% of nonprofits have not run even one vulnerability assessment to evaluate their potential risk exposure.
  • Only 20% of nonprofits have a policy in place to address cyberattacks.

So, what steps can your organization take to be more ‘cyber secure’?

  1. Implement multi-factor authentication (MFA), which is an extra layer of security that combines standard log-in information with a unique code sent to another device such as a smartphone.
  2. Deploy a focused, consistent, and measurable Security Awareness Training program for any network users/employees. Empower and educate your team to be “human firewalls”.
  3. Create an Incident Response plan and a Disaster Recovery policy. Such policies go a long way toward ensuring that potential cybersecurity risks are identified and planned for, and that appropriate responses will mitigate damage. A plan can also help improve response times.
  4. Encrypt your systems, secure them with anti-virus and anti-malware software, and consider using a firewall. Incorporate “Threat Hunting” and other proactive tools into your security approach.
  5. Ensure your security software is kept up to date and make sure you are using the latest versions of your databases and e-commerce products.
  6. Control who has access to your databases and require complex passwords.
  7. If users access databases from their smart devices, require security precautions such as auto-lock and passwords on these devices.
  8. Work with your insurance provider to evaluate your Cybersecurity Policy and develop a plan to add resources in areas of need.
  9. Consider an annual IT Security Assessment and plan/budget accordingly to reduce exposure and close gaps.

Consideration of the above can certainly get you started, but it might be a worthwhile investment to consult with a professional IT company for questions and concerns.

For more information on cybersecurity practices, check out these two additional resources:
