Nonprofit Cybersecurity: 5 Things to Consider
Nonprofit organizations are now faced with some new, unforeseen challenges. One of these challenges is an increased risk of cybersecurity breaches. As cybercrime increases, your nonprofit should take the necessary steps to make sure your donors’ information is safe.
Why Data Security Shouldn’t Be Overlooked
Nonprofits are already ideal targets for hackers. More than a third of nonprofit companies don't have any cyber risk management policies. Almost half don’t have any guidelines regarding how they share their data with other agencies, either.
The donations you receive are a tempting target for cybercriminals, and the current economic crisis heightens this threat. Amid the panic and confusion, people tend to be less careful with things like cybersecurity practices. The outbreak has also led to an increase of phishing scams, taking advantage of people's desperation for information.
Nonprofits are already feeling the effects of these increased cyberattacks. In February, Kansas-based Saint Francis Ministries found that someone hacked into their company email, possibly accessing sensitive documents. CNBC's Technology Executive Council, which includes some nonprofits, reports 36% of its members have noticed increased cyberthreats.
How to Protect Your Data
Generally, nonprofits are particularly vulnerable to data breaches — but it doesn't have to be that way. You can, and should, take steps to make sure your donors’ data, like bank information and demographics, is safe.
You may not realize just how much sensitive donor data you have. Every time you interact with supporters online, you get information, like their location or economic situation. Other knowledge you might have includes people’s browsing behavior, donation history and connection to your cause.
With so much personal information at stake, cybersecurity is essential. Here are five ways you can improve yours:
1. Hold Everyone to a Higher Standard
Data breaches can come from anywhere, so you need to hold everyone to a high security standard. Establish policies regarding how employees and volunteers manage data, even from home. Make sure everyone maintains safe internet practices, like using two-factor authentication and password variation.
Recommended policies include requiring employees to use firewalls and anti-malware software. Make sure no one does any business over unsecured or public Wi-Fi connections. To help everyone meet these higher standards, you should provide cybersecurity training and regular reminders about safe practices.
2. Limit Data Access
Because you work with donations, you're particularly susceptible to fraud. To avoid these internal data breaches, it helps to limit access as much as possible. Make sure you thoroughly screen volunteers and employees, and don’t hang onto any data you don’t need.
Information, like donors’ reasons for giving, can help you make connections and improve engagement. This data, however valuable, is sensitive, so you should restrict access to it. Only let people retrieve it when they need it for their job. If it doesn’t serve a specific goal, don’t store it.
3. Encrypt Everything
Encryption is the process of coding data, so only specific people can see it. If you use encryption software, it scrambles your signal, so hackers can’t decipher what's what. Some cloud providers offer built-in encryption, but you can also buy encrypted hardware or use third-party encryption software.
All employees and volunteers should only use encrypted hard drives. When you use the internet, use a virtual private network, which encrypts your Wi-Fi signal. If your data isn't encrypted, it's vulnerable.
4. Update Frequently
One of the easiest steps you can take to improve your cybersecurity is frequently updating your software. Cybersecurity is a fluid field, so software developers are continually rolling out updates to protect against new threats. As soon as these updates come out, install them.
If your device has the option to install updates automatically, turn it on. Outdated software is an easy target for hackers. Make sure you're always using the most up-to-date version of all your services.
5. Hire Cybersecurity Staff/Services
You can't expect yourself to be an expert in cybersecurity. You can, however, either create a dedicated cybersecurity department or outsource it to a security vendor.
If you’re still facing trouble after taking other steps, you may have to turn to cybersecurity professionals. A department or service focused on data security will provide fast and effective detection and response. Your budget may limit your options, but if you have the money, it’s worth considering.
Nonprofit Data Management
As a nonprofit, much of the most sensitive data you manage isn't yours. Donors entrust you to use their data securely and wisely, so you need to take the utmost care of it. A data breach doesn't just affect you — it harms your generous donors as well.
You're responsible for the safe management of knowledge, like other people's bank information. Given that responsibility, and the rise of cyberthreats, cybersecurity is a must for all nonprofits.