Skip to main content

Check out our 2Q2024 Market Review and Investment Outlook for the remainder of 2024

I Stock 1058694620 KAM cybersecurity blog USE

3 Areas of Cybersecurity Risk Pose Concern for Today’s Nonprofits

Photo of author, Kathleen McDermott.
Kathleen McDermott
Business Development Manager and Director of Nonprofit Advisory Services

Cybersecurity is a hot topic these days and news headlines about cyber attacks and hackers are quite common. In fact, a study by Community IT , a technology security company solely dedicated to servicing nonprofits, released statistics around nonprofit cybersecurity that reveal two truths: (1) the frequency of cyber incidents is increasing and (2) nonprofits often lack proper cybersecurity protocols.

Have you considered how a data breach could impact your nonprofit organization?

Of course, there are countless areas of risk. But we draw your attention to three major areas that would have a significant long-term, negative impact on your organization’s reputation and donor confidence should they ever be compromised:

  1. Donor Data: A data breach could give access to private donor contact information, donor preferences, and even donor birthdates. These lists could then be sold on the black market.
  2. E-commerce: More and more organizations are implementing systems for e-commerce, event ticketing, online auction bidding, and online giving, which leaves an organization vulnerable to hacking.
  3. Employee and Volunteer Personally Identifiable Information (or PII): This includes confidential data, such as social security numbers, driver’s license numbers, and health insurance information.

Breaching of this data can occur through third party attacks, malicious insider activity, or through negligence. Further research by Community IT reveals some staggering statistics:

  • 56% of nonprofits don’t require multi-factor authentication (MFA) to log into online accounts.
  • More than 70% of nonprofits have not run even one vulnerability assessment to evaluate their potential risk exposure.
  • Only 20% of nonprofits have a policy in place to address cyberattacks.

So, what steps can your organization take to be more ‘cyber secure’?

  1. Implement multi-factor authentication (MFA), which is an extra layer of security that combines standard log-in information with a unique code sent to another device such as a smartphone.
  2. Deploy a focused, consistent, and measurable Security Awareness Training program for any network users/employees. Empower and educate your team to be “human firewalls”.
  3. Create an Incident Response plan and a Disaster Recovery policy. Such policies go a long way toward ensuring potential cybersecurity risks are identified, planned for, and appropriate responses will mitigate damage. A plan can also help improve response times.
  4. Encrypt and secure your systems with anti-virus and anti-malware software and consider using a firewall. Incorporate “Threat Hunting” and other pro-active tools into your security approach.
  5. Ensure your security software is kept up to date and make sure you are using the latest versions of your databases and e-commerce products.
  6. Control who has access to your databases and require complex passwords.
  7. If users access databases from their smart devices, require security precautions such as auto-lock and passwords on these devices.
  8. Work with your insurance provider to evaluate your Cybersecurity Policy and develop a plan to add resources in areas of need.
  9. Consider an annual IT Security Assessment and plan/budget accordingly to reduce exposure and close gaps.

Consideration of the above can certainly get you started, but it might be a worthwhile investment to consult with a professional IT company for questions and concerns.

For more information on cybersecurity practices, check out these two additional resources:

Related Insights
I Stock 1213877364 SAT blog USE

Nonprofit Fiscal Planning: Sustaining the Work That Is Bigger Than Us

At McKinley Carter, we not only provide guidance in a variety of important areas of nonprofit operations and finance (investment management, board governance, and fundraising, to name just a few), we also contribute to the overall mission of our nonprofit clients and their positive community impact, in perpetuity. How? Through an alignment of our goals — the most important of which is sustainability.

​​​​​​​Sustainability is critical for a nonprofit’s long-term viability, effectiveness, and service to constituents. It goes hand-in-hand with fiscal planning. Find out what nonprofits should consider in their fiscal planning.

Read More
I Stock 471500470 NAS TKS blog Website

Happiness 101: Build a Family Philanthropy Plan

Building a family culture of philanthropy, whether that is through monetary efforts, or through gifts of time and energy, can strengthen family bonds, create a lasting legacy, and make an important difference in our communities. Is now the time to be intentional with your family about giving back to your community? Start the conversation and see where it leads.

Read More

“Alright, Stop. Collaborate and Listen”

The title of this blog is meant to catch the attention of all those who grew up in the 80s. This is one of the first lines in the debut song "Ice Ice Baby" by American rapper Vanilla Ice. While Vanilla Ice's song doesn't have anything to do with nonprofit collaboration, the words stop, collaborate, and listen do resonate when it comes to opportunities for nonprofits to collaborate with their community. Learn more.

Read More