Cybersecurity is a hot topic these days, and news headlines about cyber attacks and hackers are quite common. In fact, a study by Community IT, a technology security company solely dedicated to servicing nonprofits, released statistics around nonprofit cybersecurity that reveal two truths: (1) the frequency of cyber incidents is increasing and (2) nonprofits often lack proper cybersecurity protocols.
Have you considered how a data breach could impact your nonprofit organization?
Of course, there are countless areas of risk. But we draw your attention to three major areas that would have a significant long-term, negative impact on your organization’s reputation and donor confidence should they ever be compromised:
- Donor Data: A data breach could give access to private donor contact information, donor preferences, and even donor birthdates. These lists could then be sold on the black market.
- E-commerce: More and more organizations are implementing systems for e-commerce, event ticketing, online auction bidding, and online giving, which leaves an organization vulnerable to hacking.
- Employee and Volunteer Personally Identifiable Information (or PII): This includes confidential data, such as social security numbers, driver’s license numbers, and health insurance information.
A breach of this data can occur through third-party attacks, malicious insider activity, or negligence. Further research by Community IT reveals some staggering statistics:
- 56% of nonprofits don’t require multi-factor authentication (MFA) to log into online accounts.
- More than 70% of nonprofits have not run even one vulnerability assessment to evaluate their potential risk exposure.
- Only 20% of nonprofits have a policy in place to address cyberattacks.
So, what steps can your organization take to be more ‘cyber secure’?
- Implement multi-factor authentication (MFA), which is an extra layer of security that combines standard log-in information with a unique code sent to another device such as a smartphone.
- Deploy a focused, consistent, and measurable Security Awareness Training program for any network users/employees. Empower and educate your team to be “human firewalls”.
- Create an Incident Response plan and a Disaster Recovery policy. Such policies go a long way toward ensuring that potential cybersecurity risks are identified and planned for, and that appropriate responses will mitigate damage. A plan can also help improve response times.
- Encrypt your systems, secure them with anti-virus and anti-malware software, and consider using a firewall. Incorporate “Threat Hunting” and other proactive tools into your security approach.
- Ensure your security software is kept up to date and make sure you are using the latest versions of your databases and e-commerce products.
- Control who has access to your databases and require complex passwords.
- If users access databases from their smart devices, require security precautions such as auto-lock and passwords on these devices.
- Work with your insurance provider to evaluate your Cybersecurity Policy and develop a plan to add resources in areas of need.
- Consider an annual IT Security Assessment and plan/budget accordingly to reduce exposure and close gaps.
Consideration of the above can certainly get you started, but it might be a worthwhile investment to consult with a professional IT company for questions and concerns.
For more information on cybersecurity practices, check out these two additional resources: