Should Nonprofits Worry About Cyber Threats?
January 27, 2015 at 5:44 PM
President Obama recently announced that he will build on the measures his administration has taken to safeguard American businesses and consumers from cyber threats. While much of the focus of late surrounding cyber attacks has been on commercial business, nonprofits are just as susceptible to the schemes of hackers.
A single nonprofit routinely maintains large amounts of sensitive data. Credit card numbers, emails, addresses, past donation amounts, and other personal information pertaining to your donor base is likely collected and stored on a computer network. This digital information may be the foundation of your organization, but to cyber criminals, its a potentially lucrative business opportunity.
Like many small nonprofit executives, you may not have considered that your organization could be the subject of a cyber attack. However, as your organization continues to rely heavily on electronic, digital and web based systems - including those used to process online giving - you must take the necessary precautions to ensure your donors’ personal information is safe. Exploited vulnerabilities in your organization’s firewalls, a compromised password, an employee inadvertently clicking a phishing link, can have severe repercussions for a nonprofit or charity.
Philanthropic efforts can often create significant security issues when collecting the sensitive information necessary to secure donations. Beyond the public relations blowback that a data breach would create, penalties and costs associated with informing donors and other stakeholders and provisions for credit monitoring services for affected individuals’ could be difficult to accommodate given limited financial resources of many nonprofits.
The relationship between a nonprofit and its donor base is a unique one. Unlike commercial transactions between buyers and sellers, people aren’t forced to give in exchange for some good or service. Individuals donate to charities and nonprofits because they have made a personal investment in the organization and or its cause.
Due to the more intimate nature of the donor-nonprofit relationship, these organizations should go above and beyond to prevent donors’ information from falling into the wrong hands. With over 80 percent of Americans giving nearly 3.2 percent of their income to nonprofit charities annually, a nonprofit could stand to lose a great deal if their donors cease their giving following a information breach. For these reasons, nonprofits should be every bit as aware of potential cyber attacks as for-profit businesses, if not more so.
The key is to be vigilant, not worried. Assessing and eliminating weaknesses in your security systems, reviewing security policies and protocols with employees, and updating anti-virus on every device in your organization are just a few ways you can protect your donors’ information. Furthermore, ask whether or not your organization has insurance coverage for cyber related attacks and whether or not the policy includes public relations and/or crisis management services should a breach occur.