Nonprofit budgets are always stretched thin, and funds to cover operational expenses are often the hardest to find. As with any ‘insurance’ kind of expenses, it often seems really expensive and not a lot to show for it. That is, until something goes wrong.
Me, a target?
Nonprofits often don’t think they are much of a target for hacking , “ What do we have that they would want?”. Surprisingly, you have a lot. You have donor names, contact information and networks and connections, depending on your donor management system. You have financial data, giving history and prospects as well has having quite a bit of information about your board, your budgets and staff information. While your 990 maybe a public document, your internal financial information is not. Some organizations even save credit card information for convenience.
It’s Only Boring Till You Get Hacked
It may seem pretty dull to some, but who knows what those that would steal this kind of data are both looking for and what they could do with that information. Any breach of your records could put your organization’s information at risk. While it seems that even the biggest and best can be targeted, there are a few things you can do to make your own data less vulnerable.
- Acknowledge the need for these steps and how important it will be to keep your cybersecruity in mind. Don’t let it drift to the edge of your desk. Decide to make a plan and act on it.
- Make the plan, put it on the calendar for update and review regularly. It could be password changes, it could be policies about visiting outside websites, or changes to other aspects of access to your online data or adding or deleting someone’s access.
- Decide who is allowed to see what: what information does that staff need to see, what information does the board have access to, who can request information. Keep track of who does have access to sensitive information.
- Make sure everyone is on the same page: have the conversation to assure everyone understands how big a deal this is, what the rules and policies are and to be alert if they notice anything funny that needs attention. Be sure everyone knows what to do and not to do, and it is clear how to protect themselves.
- Be consistent, make sure that you and everyone using your system follows the rules, no short cuts or go-arounds.
- Make sure you have at the very least one automatic back up system, maybe even two, or even a regular file transfer to a different computer. Check on it as part of your monthly chores to see that the backup is current. Double check virus protection and malware, change passwords on certain accounts, password- protect and encrypt sensitive files and documents.
- Don’t ever save credit card information: if you don’t have it, they can’t steal it.
As has discussed before*, the kind of people who do this, and there are a lot of them, have no scruples, and your data is fair game. Make it just that much harder to access it and protect yourself and your organization’s critical files. We are all painfully aware of the security breaches that happen all around us; any steps you take now to prevent or avoid data theft will be a whole lot easier than the steps you might have to take after you have been attacked. Plus you won’t have to explain why you didn’t do this earlier.
Give us a call and we can help you secure your organization. 310 828 6979
Are You Invisible? http://www.laurenassociates.com/blog/are-you-invisible?rq=invisible
image credit: http://dti.delaware.gov/cyberexercise/hooded%20hacker.jpg