Cybercrime and data hacks have become commonplace in today’s world of business and every organization, even your nonprofit, is vulnerable.
Hackers are coming up with new ways to compromise your nonprofit’s data or sensitive information every day. In fact, according to Privacy Rights Clearinghouse, “healthcare and educational institutions have incurred the most breaches to date for nonprofits.” Additionally, not-for-profit organizations are particularly easy targets for credit card fraud, making it absolutely necessary to have policies and procedures in place to safeguard this sensitive data.
Read Also: Education Is The Enemy Of Cybercrime
What are you doing to protect your nonprofit from a data breach?
The first step to protecting your nonprofit’s data is to consider the types of data you are currently collecting. From volunteers and shareholders to donors and sponsors, how are you storing the critical pieces of information collected from these sources? Then, think about the fallout that would ensure if this data were to become compromised. Not only would individuals associated with your organization be in danger, but your nonprofit organization as a whole would suffer a potentially fatal blow.
Check out this list of tactics you should consider implementing in an effort to protect the valuable information your organization collects and stores. Not only will your board be able to relax a bit, these proactive measures will help your nonprofit maintain a reputation of strength and security among your targeted audiences.
- Deploy A Cyberattack Response Team: This group would be responsible for identifying and executing the plan to fight off would-be cybercriminals while properly managing the cybersecurity operations throughout your nonprofit.
- Protect Sensitive Data: One of the easiest measures your nonprofit can take is to ensure that all sensitive data is encrypted. For example, when you deal with large amounts of personal donor information (including names, addresses, credit card information, dates of birth, etc.) and you fail to encrypt the data, a single data breach could shatter the integrity of your organization while opening you up to costly litigation. Not only is encryption one of the easiest precautions to put in place, its effective. If your data is encrypted, even if a breach occurs, criminals may be unable to access the sensitive information. When it comes to protecting your sensitive data, be sure to follow these three tips:1. Encrypt all sensitive information
2. Always know where the organization’s critical data files and backups are stored.
3. Deploy strict measures when determining who can access the information.
- Continuously Monitor Your Firewall: Your IT team should be constantly monitoring your nonprofit’s firewall through the use of Security Information and Event Management (SIEM) or Intrusion Detection Systems (IDS) programs. Even if you don’t have in-house IT capabilities, external service providers are also available to provide this essential service to for-profits and not-for-profits, alike.
- Regularly Update Company Passwords: Your organization’s password policy should require everybody to use complex passwords. Furthermore, these passwords should be changed on a regular basis – many experts recommend that users change passwords every 90 days. Your employees should be required to use complex passwords to access the company network and, when crafting the passwords, consider using a series of words or “passphrases” for increased security.
- Education Is Key: Educating your team on current security issues and schemes will prevent them from doing something that could be harmful to your organization. Be sure to send out regular reminders about the dangers of phishing and spear phishing where hackers actually work to trick users to click on fraudulent links in a seemingly harmless email message. One click is all it takes. Therefore, as the first line of defense for your organization, users must always be on their guard.
Our website offers a wealth of information and insight on the topics of cybercrime and data security. You can access these resources in our article library or listen to experts in the field discuss cybersecurity tactics on unsuitable on Rea Radio, our weekly podcast for organizational leaders and business owners. If you have specific questions, email Rea & Associates for answers.
By Brent Ardit, CPA (Dublin office)
Check out these articles for more information about how to protect your not-for-profit from cybercriminals:
Will Your Entity Be Ransomware’s Next Target?
Don’t Take The Bait
Can A Cybercriminal Crack Your Company’s Network?