Upgrade Your Nonprofit Data Security With These 5 Tips

Lauren Pope  |  September 17, 2019

Migrating your corporate information to the cloud can save you time and money – but it also opens a backdoor for hackers to steal valuable information.

It can be easy to assume that the nonprofit sector wouldn’t be a target for hackers because there are bigger fish to fry. After all, why target a local charity when there’s more money to be made with a cyberattack on Wall Street? The answer lies in accessibility.

Why does your nonprofit need data security?

By virtue of their funding structure, nonprofits are prime targets for hackers because they hold a wealth of raw financial and donor information.

Pair that with the traditionally low tech-savviness of most small nonprofits and you’ve got an easy target with a lot of valuable information. For your organization, there’s more at stake than just information to be lost: a data breach can cost your company a lot of money.

Consider the chart below. Would your company be able to recover from a $7.9 million fine? Chances are the cost of a single data breach might bankrupt your entire organization.

[Chart: cost of a data breach]

In order to truly understand the importance of nonprofit data security, we sat down with Justin Spelhaug, the General Manager of Microsoft's Tech for Social Impact team. Justin and his team have been working on enabling nonprofits to take control of their data security through their work on Microsoft for Nonprofits.

Five steps for improving your nonprofit data security

The biggest mistake any nonprofit can make when it comes to data security is assuming they aren’t a target. This hands-off approach to risk management is careless and leaves your organization vulnerable to cyber security risks.

So, what can you do to fix that? We’ve highlighted five key takeaways from our interview with Justin Spelhaug that your team can use to improve your data security strategy.

1. Grade your current data security program

If you heard that one of your neighbors’ homes had been the target of a burglary, would you wait until your own home was targeted before buying a security camera? Chances are you’d be changing your locks and adding protective measures to your home the same day.

Think of data security in the same way. A proactive approach to protecting your company and your information will do you more good than waiting until an attack has already taken place. According to Justin, the nonprofit sector is already a target for people looking to steal important information from businesses.

“We’ve seen firsthand how the organizations we work with are being targeted. As the threat of cyber attacks increases, we need to be proactive about how we protect donor information. We need these organizations to be thinking ahead and planning for what happens if something goes wrong.”

An easy place to start is sitting down with your team and creating a list of all the valuable information your company handles. This information doesn’t have to be directly linked to money; it can be something as simple as an email address.

When creating your data security plan, ask yourself these questions:

  • Do we keep financial records of donors or other businesses?
  • Do we have personal information like social security numbers or addresses on file?
  • What information would be damaging if an unauthorized person got ahold of it?

Once you’ve created your list, you should review your current policy for protecting that information. How are you safeguarding this information? Who has access to it? Is it kept in secure cloud storage or a filing cabinet at your office location?

Grade yourself on how well you’re doing already and identify the places you can improve. Hackers will always target the easiest point of entry, which means you should build your strategy starting with your weak points.

2. Understand your legal obligation

As we’ve mentioned earlier in this article, your company may not have a choice when it comes to data security. Chances are your company is legally obligated to protect certain information. As Justin pointed out, nonprofits working in fields such as global aid or health and human services may be subject to HIPAA regulations or other legal obligations.

“Nonprofits are managing some incredibly important and sensitive information, especially if you work in health and human services or global aid. It’s not just donor information, it’s information about the people you’re helping. Keeping that data secure has to be the first priority.”

Reviewing the compliance information for tax-exempt entities on the IRS website is a great place to start. This can give you a clear overview of what you’re required by law to do when it comes to data security. From there, you can integrate those into your strategy and even implement a software solution to help organize and maintain your compliance program.


3. Establish data privacy protocol

Understanding your legal obligations and your weaknesses is just the first step. The best data security strategies have a clear framework, protocols, and established steps that all employees must follow. According to Justin, more than half of organizations don’t have an established plan in place.

“60% of the organizations we worked with didn’t have a data security plan in place. One data breach can unravel years of trust built with the public and your donors. In an age of deep cybersecurity challenges, how are nonprofits proactively protecting the information of their donors?” 

Your data privacy plan should include written protocols for things like donor information collection, password security, and data storage. Consider the ways a hacker might try to access your information and work backwards from there.

[Image: types of network security]

Ask yourself the right questions: who has access to what information, how are passwords stored for online access, and what should you do in case of a cyber attack? You cannot be too careful when it comes to data security.

4. Streamline with software

You might be wondering when you’ll have the time to monitor all of this information. After all, this seems like a full-time job in itself. According to Justin, 80% of the organizations they work with have fewer than 10 employees. That doesn’t leave a lot of room for a full-time commitment to data security, which is why big tech has been stepping up in a big way.

“Up until now, tech companies haven’t been providing the right capabilities to help these nonprofits protect themselves. We’re seeing that change. Our industry needs to help lead the conversation by providing these organizations with the tools they need. We need to be equal partners in this fight.”

Data privacy software might hold the key for protecting your organization from cyber attacks. It allows your team to automate the little things and keep your organization running smoothly. The right data privacy software can help your team by assisting in managing and maintaining information compliance, aiding in the documentation and delivery of sensitive information, and more.


5. Involve your employees

Ultimately, data protection is everyone’s job. Whether you hire a single employee to manage your program or utilize a software solution, everyone on your team needs to be involved. As Justin points out, hackers will always target the weakest point of entry to get the information they want.

“It’s the responsibility of every single person at an organization to understand data security and play a role in protecting that valuable information. Hackers will target anyone at an organization, so everyone needs to be prepared for how to deal with a potential attack.”

There are several ways to include your team in data security. Start with training them on your data security plan and protocols. Allow them the chance to ask questions and learn what the expectation is for them as your employee.

From there, establish good habits around security. Use online training and continued education to teach them about common phishing scams and provide them with resources on creating strong passwords.

Keep in mind that security awareness is an ongoing process. As hackers get more clever, so should you and your team. Consider annual security awareness training to help keep your team updated on the latest tricks hackers are using. Protect yourself by staying one step ahead.


Stay ahead by staying alert

It’s time to shed the stereotype that nonprofits are low-tech and behind on the latest trends. Don’t allow yourself to become a target for hackers. Instead, use the tools at your disposal to protect the information your donors and volunteers trust you with.

So, what happens if you do find yourself the victim of a hacker? Don’t panic. Instead, check out this guide on how to recover from a cyber attack.


Lauren is a Senior Content Specialist at G2 with five years of content marketing experience. You can find her work featured on CNBC, Yahoo Finance, and on the G2 Learning Hub. In her free time, Lauren enjoys listening to podcasts, watching true crime shows, and spending time in the Chicago karaoke scene.