How to protect your nonprofit from data breaches
It’s impossible to ignore the dangers of cyberthreats in our modern world. Data breaches not only leak valuable credit card information, but personal addresses that can lead to an invasion of a donor’s personal space. Not only are the social and mental costs great, the physical costs are as well. In a study conducted by IBM, the consolidated total data breach costs of 2015 totaled $3.8 million with the average breach costing $154 per password. How can a nonprofit protect itself from a data breach? Is your office at risk? We’ll take an explorative look at the topic to ensure your organization has maximum security and peace of mind:
Is my organization at risk?
It is safe to assume that every organization big and small is at risk for a data breach. However, hackers typically target smaller businesses or nonprofits because they often lack the robust security infrastructures of large organizations. Depending on the intent of the hacker, security breaches can expose multiple kinds of files and records. Many nonprofits collect data on individuals including clients, donors, volunteers and staff members. Hackers can also steal records such as social security numbers, personal addresses and credit card numbers. Aside from personal data, security breaches can expose nonpersonal data such as expense reports, interoffice emails and nonprofit checking accounts. Because of this, it is safe to assume that your small nonprofit may be at risk unless proper and rigorous security measures are put in place.
Security breaches are not just a financial risk – they’re a PR liability for your organization’s reputation. Once a donor realizes your organization is at risk, he or she will feel hesitant to donate or volunteer. However, there is hope for rehabbing a nonprofit’s tarnished image. PR News said the most effective way to move on from a security breach is to show your volunteers and donors that you are willing to learn and prevent these mistakes from happening again.
What can my organization do to prevent this?
There are ways nonprofits can secure their data. Many of these tech solutions can be developed with the help of a dedicated IT team. The first method, according to IT Business Edge, is to encrypt the data on your work computers and enforce that policy religiously. Data breaches can take place from within if a staff member has malicious intent. Because of this, it’s necessary to encrypt data so it cannot be used outside of the office or work-related computers and devices. It is also possible to move the rest of your safe data from one server to another using Allegiance data migration services.
Second, install and deploy an intrusion detection and prevention system. This is similar to when you get texts or calls from your bank asking about strange purchases on your card. Deploying this awareness system will alert employees to when their computer or data is being accessed without their knowledge.
Third, protect your employees by not mandating their social security numbers as their staff ID as suggested by Central Insurance. Try to employ a different system using randomized numbers or letters. Doing this will protect an staff member’s personal data further.
Last, mandate that all volunteers use their computers strictly for work. Many harmful websites or services that involve invoicing payments can lead to leaks in personal and organizational data. Use antivirus software to prevent malicious viruses or hackers from entering your systems.
My nonprofit has been hacked. What should I do?
The most important thing to do during or after a security breach is stay calm. After you’ve collected your thoughts and accessed your emotions, access the situation. Check to see which types of data specifically were stolen. CIO Magazine recommended forming a task force to access the issues and report the security breach to your local authorities. This task force can also develop a counter-offensive solution for your computers and test it for effectiveness. If the solutions work and prevent any further data leakage, then consider the breach over. However, by taking the steps above, many security breaches like this can be prevented.
Security breaches will always be a concern for nonprofits big and small, but understanding a hacker’s intent and proper security measures can give you and your nonprofit organization peace of mind. From all of us at Allegiance, we wish you a safe and happy new year.