by Amber Mata Nonprofits often tend to be targeted by cyber criminals due to a lack of resources to implement cybersecurity measures. They are just as susceptible to a data breach as for-profit organizations, if not more. However, they often don’t embrace the same level of changes that other organizations are making to implement a sophisticated cybersecurity program as there is a belief that they are not a target.
This is a dangerous assumption to make.
The reality is, nonprofit organizations collect incredibly sensitive information about its members and donors, which can include social security numbers, credit card information, and even medical information. It’s time for nonprofits to get serious about cybersecurity because without proper measures in place, one single breach could end their entire organization and its mission.
Why they should be concerned
Nonprofit websites that end in .org are often targets of hackers because they usually show up early in search results leading to high visibility. The higher the visibility, the greater the value of the target. A valuable target with little or no security is a no brainer target for cyber criminals.
Nonprofit organizations tend to handle volumes of sensitive data every day. Member records, donor information, confidential emails, and hundreds of other transactions pass through their gates. Without proper cybersecurity measures, an organization can easily be breached leaving the path to this sensitive information wide open to cyber criminals.
For an organization that relies heavily on grants and donors, a cybersecurity breach can be deadly. A breach can result in lost trust and confidence if donors fear their reputation or identity could take a hit. Even if a nonprofit organization does survive the reputational loss, the costs of settlements, notifying affected parties, and monitoring breached parties are sure to put a financial strain on the organization.
Where to begin
Get a game plan together – Start with a holistic approach looking from the outside, in. Preparation involves a risk assessment of the organization’s IT environment. Nonprofits should also consider taking a complete infrastructure inventory and review any regulatory requirements. It is important to create necessary policies and enforce them.
Always inform and train all volunteers and employees to properly embrace all updates. Initiate a plan to know what data is kept, where it is, how it is used, and who has access.
Secure all technology – The two best places to start with protecting technology is to always utilize multi factor authentication and always upgrade the latest patches to all software. Patches can ensure that the latest security measures are deployed to software and multi factor authentication can prevent remote attacks even if credentials become compromised. It is an easy and effective tool to implement, yet over 70% of nonprofits do not utilize.
It takes time – Security is not a destination it’s a way of life. It can take 18 to 24 months to raise an organization’s cybersecurity maturity by just one level. Establishing a proper and mature cybersecurity posture is an ongoing effort. Patience and dedication is definitely a requirement.
Doing nothing is absolutely not an option. Even if an organization hasn’t experienced a cyber breach to date, there’s no telling what tomorrow may bring. A lack of cybersecurity measures is like driving a car without insurance; it’s a big risk. Small organizations, for-profit and not-for-profit, are attractive targets but they don’t have be easy targets.
A breach is inevitable if proper security is not implemented but proactive measures can minimize the effects and allow a clear path to an accomplished mission. Don’t become an easy target, it’s time to take cybersecurity seriously.
Amber Mata is Marketing Manager at Kyber Security, with offices in Fairfield, Rocky Hill and Providence, RI. Kyber Security provides cybersecurity and compliance for small firms up through enterprise businesses. Kyber Security is a partner in the The Alliance for Nonprofit Growth and Opportunity (TANGO), where this article first appeared. TANGO creates partnerships between nonprofit and for-profit organizations to drive innovation, create cost savings, and deliver mission advancement.