In a digital world that is constantly connected, your nonprofit faces cybersecurity risks on a daily basis. Cyberattacks are all too common. While many of these data breaches at nonprofits are smaller affairs, it’s important to approach the subject with care and make sure you have a plan ahead of time. For smaller nonprofits, you may need to outsource some of the cybersecurity tasks or keep your systems self-contained in a third-party solution that will manage cybersecurity for you. For larger nonprofits, you may need to do more. Regardless of the size of your organization, there are key steps you can take now to boost your cybersecurity and help prevent cyberattacks on your nonprofit.
To safeguard your nonprofit’s cybersecurity, it’s important that someone is responsible for cybersecurity at your organization. Without a point person, your nonprofit’s cybersecurity won’t be a priority and can easily be ignored until it’s too late. Whether it’s your IT leader, operations manager, or a member of your executive team, it’s important that you have a point person for cybersecurity at your nonprofit.
Your board of directors should be consistently checking in on cybersecurity with the executive team, and you should have a regular report that analyzes the risks and countermeasures put in place to ensure your nonprofit’s cybersecurity. If your point person isn’t sure where to start, consider asking a corporate partner what they’d recommend for your cybersecurity.
You need to have a plan for your nonprofit’s cybersecurity that is both proactive and reactive. You want a proactive cybersecurity plan for your nonprofit that considers how to protect your data and accounts and avoid a data breach or cyberattack. You also need a cybersecurity crisis response plan for your nonprofit to address a cyberattack or data breach—as soon as the first sign of a cyberattack is detected, everyone on your team should be aware of what the next steps are. Much like a fire drill, a cybersecurity drill can help your team feel confident in next steps and give you crucial time to contain a cybersecurity breach as soon as possible—giving any cyberattacker or hacker as little time to do damage or steal data as possible. As you put together a cybersecurity crisis response plan for your nonprofit, you need to answer a few questions.
If a cybersecurity breach at your nonprofit is detected, you should have the crisis team identified immediately. Your executive team should know as soon as possible, and it’s a good idea to have a communications plan in place to cascade the information to your employees and your board of directors. Staying in touch via cell phone or face-to-face meetings may be preferable since, depending on the cybersecurity situation, not everyone may have access to your organizational emails or cloud files.
Talk through with the team how to quarantine data and breached accounts in the event of a cyberattack on your nonprofit. It’s important to know all the various access points and logins that each account has so that you can preserve the cybersecurity of your nonprofit. Keep a running list of logins for each account, especially any logins that have saved payment information or other sensitive content. That will help streamline quarantining that account or data if your nonprofit is the target of a cyberattack.
Communicating about a data breach or cyberattack to your board of directors and internal stakeholders is important, but you should also contact local law enforcement. They may be able to help you identify and address a cyberattack in a way that would be more challenging to do on your own. You’ll also have a record if you need it for legal or insurance purposes down the road.
Be as transparent as you can be without causing undue alarm. You’ll want to notify organizational partners and any donors who may have had sensitive information accessed. You’ll also probably receive inquiries from local press outlets about the breach, so be prepared with a statement.
Especially if you’re a smaller nonprofit, outsourcing some of your cybersecurity can be an efficient way to protect your data and your employees. Cloud-based providers like Microsoft and Google implement their own cybersecurity measures to prevent unauthorized access or data breaches. By hosting your internal files and keeping your team all within one cloud-based provider, you can benefit from their extended work and expertise. This isn’t a replacement for thinking through cybersecurity internally, but it will help bolster your nonprofit’s cybersecurity without incurring a huge additional cost.
One of the biggest dangers when it comes to cybersecurity is unauthorized access to your data and accounts. Set your organization’s default access settings to restrict users from data and files unless they need it—you may have some frustration from your team with having to request access, but you’ll also plug many of the dangerous holes in your nonprofit’s cybersecurity plan. By restricting access, you’ll avoid many of the most significant risks to your cybersecurity.
Another way to prevent potential cybersecurity issues is by using multi-factor authentication for your employees. Require every login to be confirmed with a push notification or a text with a unique code sent to the employee’s cell phone. It’s much more difficult for a hacker to get around multi-factor authentication, and this simple step can boost your nonprofit’s cybersecurity overnight. There are many available tools for multi-factor authentication.
Tools like CharityGiving and iBid include software encryption to help keep your data and your donors’ information safe. Make sure that any software tools you use to accept donations, track financials, or store your donors’ information are secure and well-protected. Do your research about any tools you currently have or any you’re considering to make sure your nonprofit is protected and that those tools consider cybersecurity at your nonprofit as a top priority.
While cybersecurity at your nonprofit needs to be the responsibility of one person on your team in particular, every employee has a part to play in keeping your nonprofit’s data and donor information secure. It’s important that your employees understand the importance of cybersecurity at your nonprofit and see how their everyday actions can contribute towards protecting your nonprofit. Educate new and existing employees on the importance of password security, why access is restricted, and what to watch out for when it comes to phishing emails. Many data breaches and cyberattacks are the result of human error, including clicking on spam links in a phishing email.
Build education on cybersecurity into your onboarding and your annual trainings around sexual harassment, ethics, and other human resource priorities. It’s important that all of your employees understand their role in cybersecurity at your nonprofit.
Cybersecurity needs to be a top priority for nonprofits, especially in our increasingly digital world. Make a plan for how to prevent a cyberattack as well as what to do in the event your nonprofit is targeted. Being proactive can help your nonprofit avoid a serious data breach and the public blow to its reputation that would follow.