How secure is your data? Data breaches and cyberattacks at major companies like Equifax, Target, eBay, Yahoo and Sony dominate the headlines, and more attacks are reported almost every day. However, cyberattacks are not limited to large corporations, and nonprofits are not immune to cyberthreats. A recent study by NetDiligence ranked nonprofit organizations as one of the top five business sectors most impacted by cyberattacks.
As the numbers of breaches and incidents increase significantly every year and hackers launch more brazen and sophisticated attacks, nonprofits need to make cybersecurity a top priority. Failure to ensure your data is secure can be very costly to your organization.
Why Nonprofits Are Targeted
- Nonprofits maintain a vast amount of sensitive data including donor information, social security numbers, employee records and banking information.
- Limited resources often result in nonprofits using outdated operating systems, computers and networks, which are more susceptible to data breaches.
- Outsourcing can put sensitive data at risk if the vendor does not have controls in place.
Costs of a Data Breach
Failure to ensure your data is secure can have a devastating impact on your organization and could potentially lead to the organization shutting down.
- NetDiligence reports a single data breach can cost an average of $665,000, which can cripple an organization’s budget.
- Maintaining a positive reputation is essential for a nonprofit. A data breach can break donors’ trust in the nonprofit and cause irreparable harm to the nonprofit’s reputation.
Developing a Cybersecurity System Structure
Although nonprofits confront the same cybersecurity risks as for-profit companies, nonprofits are generally behind in adopting cybersecurity policies and strategies. To adequately protect sensitive data, nonprofits need to proactively implement an infrastructure to prevent data breaches and cyberattacks. A cybersecurity system should cover the following:
- Make cybersecurity a priority.
- Assess and mitigate data security risks.
- Adopt policies, procedures and processes related to data security, including policies related to record retention, incident reporting and access control.
- Implement a process to monitor and detect threats to systems and data on a timely basis, to limit their impact.
- Develop a plan to respond to and contain the impact of a data breach or other security incidents.
- Conduct cybersecurity awareness training to inform employees and volunteers how to handle sensitive data, understand and recognize types of attacks and report a suspected incident.
- Institute a recovery plan to resume and restore normal operations following a cyberattack.