Data breaches: One of the leading threats in today’s digital world, with a new cyber attack occurring approximately every 39 seconds. Each year more businesses suffer the results of a cyber security incident, including the loss of sensitive data, the cost of repair and restitution, and the long-term damage to their reputation and loss of trust.
Data breaches not only threaten for-profit businesses; non-profit organizations are also increasingly being targeted by cyber criminals for their wealth of data. Everything from the private health information of employees to the credit card information of donors presents a goldmine of potentially exploitable data for those with ill intent and a desire to profit.
Unfortunately, many NPOs lack the time and resources to adequately protect their data against the threat of a data breach. Often, NPOs operate with out-of-date legacy infrastructure and minimal IT personnel to reduce operating costs, but cutting expenses in cyber security can risk creating more costly problems down the line. Let’s take a closer look.
For organizations seeking to decrease their cyber security vulnerabilities, the first step is getting a comprehensive understanding of the current risk environment. The extent of damage a potential threat can cause will vary between NPOs, but the risk is never zero. Knowing how much risk an organization faces is key to implementing effective, protective countermeasures.
To start, what kind of data does your organization collect, store, and transmit? Do you conduct e-commerce activities, such as collecting donations online? Do you collect Personally Identifiable Information (PII) from your donors or volunteers, including full names, email addresses, social security numbers, driver’s license numbers, or other personal information? The more data that you possess, the more data that you are ultimately responsible for protecting.
Next, where and how is the data being stored? Who has access to stored data? Is there local infrastructure being used, or does the organization store information in the cloud? Physical infrastructure and cloud storage have different strengths and weaknesses, but in general, an intentionally designed cloud environment is not only more secure from outside threats, but also offers more options for recovering lost or compromised data and should be strongly considered by organizations that have not yet committed to digital migration.
Finally, how does the organization transmit data? Data transmission can often be one of the more significant vulnerabilities that NPOs struggle with. Any time data is sent from one location to another, there is a risk of interception. Recently, the risk of insecure data transfer has increased as more and more individuals have begun accessing critical data from personal mobile devices or using personal digital storage solutions, like Dropbox or Google Drive, to transfer information.
A major risk for cash-strapped NPOs is their reliance on systems whose lifecycles have been stretched past the point of obsolescence. One Cisco report found that aging infrastructure is becoming increasingly problematic from a cyber security perspective, making organizations vulnerable to malicious attacks and data breaches. Among the 115,000 devices analyzed in the report, a stunning 92% had software with known vulnerabilities to security incidents.
Unfortunately, many organizations have the misconception that because they are not "big" businesses, that they can "fly under the radar" when it comes to cyber attacks. In fact, small-to-medium-sized organizations are actually more likely to be targeted by hackers, as they often lack the resources to obtain and maintain the cutting-edge security systems possessed by larger businesses.
NPOs can also be put at additional risk by failing to update security processes. As new threats emerge, even the most secure technology can be thwarted by human error or negligence. While most employees and volunteers of an organization are well-intentioned, without ongoing cyber security training and robust organizational security policies, a single person within the organization can become the open door that allows a hacker to slip inside a secure system.
Fortunately, there are steps that NPOs can take to protect their data against cyber security threats.
The first step in ensuring the security of an organization’s data is to have consistent, documented cyber security policies in place for all employees to follow. Some policies to consider including would cover where sensitive data is stored, how and when data is disposed of, who has access to data, how to securely transmit data, and which devices are permitted to access the data. For organizations that already have policies in place, conducting an annual review and update of the policies is advisable as systems and needs within the organization evolve.
Next, all individuals within the organization who have access to secure data should receive ongoing cyber security training. Cyber security training should include, at a minimum, how to create secure passwords, recognizing phishing and other social-engineering threats, and how (and on which devices) users are permitted to access systems and data.
In the event of a cyber attack, one of the largest impacts to the organization can be the loss or compromise of critical data. Having a plan in place to consistently back up and protect data prior to an attack can make the difference between resuming operations within days or months. For many organizations, cloud storage can provide the optimal level of redundancy with the ability to store multiple backups in separate virtual locations, thereby preventing the loss of data if any one storage location becomes compromised.
In many cases, running a vulnerability assessment may uncover areas where the organization is relying on a single layer of protection to secure private information. NPOs may need to consider adding a firewall, anti-virus software, security patches, multi-factor authorization, or proactive monitoring to increase the barrier between their data and the outside world.
In many cases, the best solution for an organization is to engage professional support in managing and monitoring their cyber security. Companies - such as SoftwareOne - offering security solutions will often provide a comprehensive package of services to address all of the above security measures from risk assessment to policy implementation, data recovery, and ongoing monitoring. Outsourcing aspects of an organization’s cyber security can not only provide a higher level of protection but can also allow NPOs to focus more time and resources on their primary missions and objectives.
Cyber security is a major concern for all businesses, and NPOs are no exception. The potential damage of a cyber attack or data breach can last for months or years, and some organizations may never be able to fully recover. Thankfully, there are measures that organizations can implement to better protect against or prevent a security incident.
For organizations that would like assistance in getting their cyber security up-to-speed, We can help. SoftwareOne’s ONEImpact initiative supports NPOs by removing the barriers to digital transformation to enhance digital security and increase operational efficiency while reducing costs.
As your technology partner, we ensure the safety of your sensitive data by managing your data recovery and backup processes while still allowing you complete control. And, with our nonprofit discount, we're able to provide a set of services to help you achieve long-term impact, regardless of where you're at in your transformation process.
Once your data has been stolen, it’s too late. Contact our cybersecurity experts and secure your data today.
Once your data has been stolen, it’s too late. Contact our cybersecurity experts and secure your data today.
