Cyber security might sound like something that only e-commerce sites and big box retailers have to worry about, but that isn’t true. Thanks to the cloud, nonprofits make an attractive target. Just think about all the information your organization has stored online.
Information such as donor data (which can be used by hackers for identity theft), credit card information, and even the staff’s employment information and health insurance. In addition, to the sheer volume of information nonprofits store online they often they don’t have a full-time IT staff or in the case of small nonprofits, they could be operating without any dedicated IT staff at all.
All these facts combine to make them a perfect target for cyber criminals and it means that nonprofits should take cyber security just as seriously as any for profit organization. In fact, current research even suggest that nonprofits should take safeguarding their donor’s data even more seriously than a for profit company.
A data breach could have enormous impact on your organization’s reputation, not to mention the financial implications. It all has to do with your donor’s trust. Supporting a nonprofit is not something that a consumer needs to do, in the way they need to pay for electricity or food. That means a data breach at your organization can cause your constituents to feel a level of betrayal that they wouldn’t feel if their data was compromised at the local big box store.
Why? Well, if you aren’t sharing your data with a third party, that is one less avenue a cyber criminal can take to get to your data.
Next create you need to create a cyber security plan. This plan should include a calendar for information updates and password changes. Install antivirus and antispyware software and perform regular updates. In fact, automate as many of these updates as you can. This will prevent a computer from going unprotected because a staff member routinely clicked “remind me later” for the updates.
Also routinely update your computer’s firewall and even passwords. And, check your wireless router to ensure that firewall protection is enabled. If you organization accepts online donations via credit card you need to understand credit card security rules. One of the simplest of these is never store credit card information.
Yes, that means that returning donors will always have to enter their credit card information, but that also means hackers can’t get their credit card information from your server. Processing credit card payments securely has its own set of standards, the Payment Card Industry Security Standards Council (PCI SSC) guidelines help nonprofits and their processors ensure they are safely processing credit card gifts.
There is also the PCI Data Security Standard (PCI DSS) which gives nonprofits a framework for developing a robust payment card data security process that includes prevention, detection and reaction to security incidents.
Any data that is to be stored, must be encrypted.
Giving your employees the ability to use a mobile device or laptop to work from anywhere is a great perk, but it is also a great security risk. Any devices that hold information and are portable should be password protected and have encryption.
Require all employees to have their own unique login name and password (that gets changed regularly)to access computers. Don’t allow your organization to have one generic password that works for everyone at all levels of the organization.
Determine what employees and volunteers need access to what data, and use unique passwords to give access only when it is needed. Your one day a week volunteer, does not need to have a password that access your complete donor database, including financials.
These are just a few steps you can take to keep your data secure.
Jennifer is a Wisconsin based writer. She has a special interest in technology. Her works have been published in the Milwaukee Journal Sentinel and online. Her business background has allowed her to work in various fields including; Construction, Accounting and most recently Audio Visual.