Interested in reading the original? Check out the original guest post by Bill Sayre over at Nonprofit Marketing Guide.
From Target to Home Depot, security breaches are being discovered at an alarming rate. In fact, reports have cited a 48 percent increase in cyber attacks from 2013 to 2014. With charitable giving totaling more than $16b in 2014, nonprofits are becoming increasingly enticing targets for cyber criminals. As this happens, potential donors are becoming more concerned with the safety of their personal and financial information.
While the financial repercussions of a breach are damaging, with reports showing that the average breach costs around $720,000, the impact on donor relationships is of even greater concern. Trust, more than anything, is crucial to maintaining and nurturing donor relationships. Nonprofits and the organizations that support them must evaluate their security IQ and put the right security in place to protect donor information from being compromised.
A key area for many nonprofits is the processing of donations that are received via the mail. This function is often outsourced, but whether it is managed through a third-party vendor or in-house, it is important to know that those donations are being handled as securely as possible. So, what can nonprofits do to boost their security intelligence and ensure donor information remains secure throughout the entire donation processing lifecycle? Start by addressing these areas:
Physical security should be the first line of defense in protecting donor information and step #1 in improving a nonprofit’s security IQ. Complete 24/7/365 surveillance is critical for safeguarding donations and donor information. First, nonprofits and any organizations that handle their information should ensure access to the facility is carefully controlled and security cameras are in place. Additionally, the movement of the mail from the Post Office to the processing facility should be handled by at least two staff members that have had complete background checks and the movement of the vehicle should be tracked using GPS technology.
Other items to address include providing photo ID badges for all staff and restricting access to various departments in the facility based on job function. Many nonprofits receive cash in addition to check and credit card donations. With cash donations, a process known as tray seeding is recommended to confirm that cash is properly processed. Before trays of remittance envelopes are given to employees for processing, managers photocopy the contents of the envelopes including any cash. Once employees have completed their trays, the processed mail is cross-referenced with the original photocopies to make sure all cash is still intact. Trash bins should also be checked for any irregularities.
Dealing with data security issues may be challenging or even a bit intimidating for nonprofits that are already stretched thin, but a nonprofit doesn’t need to be a security genius to intelligently address data security. It is important to start with the basics.
Consider beginning with standard data security software. Data security software can include firewalls, antivirus software, spam and spyware software, activity monitoring software, data-loss prevention software and intrusion detection software. These solutions can track where a threat originated, making it easier to combat security issues if they do occur. Overall, security software is critical to protect against intrusions and provide valuable security feedback to your nonprofit.
Data encryption is also important to incorporate into your security strategy. Nonprofits and donation processors should provide end-to-end data encryption on all inbound and outbound data files. Once data is encrypted, it is wise to conduct random network penetration tests to ensure that the network remains secure. It is best to conduct these tests at least four times per year.