nonprofit and security

Nonprofit & Security

Is Your Nonprofit Organization Headed for a Data Breach?

Is Your Nonprofit Organization Headed for a Data Breach?

Data breaches: One of the leading threats in today’s digital world, with a new cyberattack occurring approximately every 39 seconds. Each year more businesses suffer the results of a cybersecurity incident, including the loss of sensitive data, the cost of repair and restitution, and the long-term damage to their reputation and loss of trust.

Data breaches not only threaten for-profit businesses; non-profit organizations are also increasingly being targeted by cybercriminals for their wealth of data. Everything from the private health information of employees to the credit card information of donors presents a goldmine of potentially exploitable data for those with ill intent and a desire to profit.

Unfortunately, many NPOs lack the time and resources to adequately protect their data against the threat of a data breach. Often, NPOs operate with out-of-date legacy infrastructure and minimal IT personnel to reduce operating costs, but cutting expenses in cybersecurity can risk creating more costly problems down the line. Let’s take a closer look.

The Current State of Security at Your NPO

For organizations seeking to decrease their cybersecurity vulnerabilities, the first step is getting a comprehensive understanding of the current risk environment. The extent of damage a potential threat can cause will vary between NPOs, but the risk is never zero. Knowing how much risk an organization faces is key to implementing effective, protective countermeasures.

To start, what kind of data does your organization collect, store, and transmit? Do you conduct e-commerce activities, such as collecting donations online? Do you collect Personally Identifiable Information (PII) from your donors or volunteers, including full names, email addresses, social security numbers, driver’s license numbers, or other personal information? The more data that you possess, the more data that you are ultimately responsible for protecting.

Next, where and how is the data being stored? Who has access to stored data? Is there local infrastructure being used, or does the organization store information in the cloud? Physical infrastructure and cloud storage have different strengths and weaknesses, but in general, an intentionally designed cloud environment is not only more secure from outside threats, but also offers more options for recovering lost or compromised data and should be strongly considered by organizations that have not yet committed to digital migration.

Finally, how does the organization transmit data? Data transmission can often be one of the more significant vulnerabilities that NPOs struggle with. Any time data is sent from one location to another, there is a risk of interception. Recently, the risk of insecure data transfer has increased as more and more individuals have begun accessing critical data from personal mobile devices or using personal digital storage solutions, like Dropbox or Google Drive, to transfer information.

How Aging Infrastructures and Processes Are Putting Your Nonprofit Organization at Risk

A major risk for cash-strapped NPOs is their reliance on systems whose lifecycles have been stretched past the point of obsolescence. One Cisco report found that aging infrastructure is becoming increasingly problematic from a cybersecurity perspective, making organizations vulnerable to malicious attacks and data breaches. Among the 115,000 devices analyzed in the report, a stunning 92% had software with known vulnerabilities to security incidents.

Unfortunately, many organizations have the misconception that because they are not "big" businesses, that they can "fly under the radar" when it comes to cyberattacks. In fact, small-to-medium-sized organizations are actually more likely to be targeted by hackers, as they often lack the resources to obtain and maintain the cutting-edge security systems possessed by larger businesses.

NPOs can also be put at additional risk by failing to update security processes. As new threats emerge, even the most secure technology can be thwarted by human error or negligence. While most employees and volunteers of an organization are well-intentioned, without ongoing cybersecurity training and robust organizational security policies, a single person within the organization can become the open door that allows a hacker to slip inside a secure system.

The Measures NPOs Can Take to Strengthen Security

Fortunately, there are steps that NPOs can take to protect their data against cybersecurity threats.

  1. Implement (Or Update) Organization-Wide Cybersecurity Policies: The first step in ensuring the security of an organization’s data is to have consistent, documented cybersecurity policies in place for all employees to follow. Some policies to consider including would cover where sensitive data is stored, how and when data is disposed of, who has access to data, how to securely transmit data, and which devices are permitted to access the data. For organizations that already have policies in place, conducting an annual review and update of the policies is advisable as systems and needs within the organization evolve.
  2. Provide Ongoing Cybersecurity Training: Next, all individuals within the organization who have access to secure data should receive ongoing cybersecurity training. Cybersecurity training should include, at a minimum, how to create secure passwords, recognizing phishing and other social-engineering threats, and how (and on which devices) users are permitted to access systems and data.
  3. Create A Data Recovery Plan: In the event of a cyberattack, one of the largest impacts to the organization can be the loss or compromise of critical data. Having a plan in place to consistently back up and protect data prior to an attack can make the difference between resuming operations within days or months. For many organizations, cloud storage can provide the optimal level of redundancy with the ability to store multiple backups in separate virtual locations, thereby preventing the loss of data if any one storage location becomes compromised.
  4. Add Additional Layers of Security: In many cases, running a vulnerability assessment may uncover areas where the organization is relying on a single layer of protection to secure private information. NPOs may need to consider adding a firewall, anti-virus software, security patches, multi-factor authorization, or proactive monitoring to increase the barrier between their data and the outside world.
  5. Partner With Cybersecurity Experts: In many cases, the best solution for an organization is to engage professional support in managing and monitoring their cybersecurity. Companies - such as SoftwareONE - offering security solutions will often provide a comprehensive package of services to address all of the above security measures from risk assessment to policy implementation, data recovery, and ongoing monitoring. Outsourcing aspects of an organization’s cybersecurity can not only provide a higher level of protection but can also allow NPOs to focus more time and resources on their primary missions and objectives.

How SoftwareONE Can Help Secure Your Data

Cybersecurity is a major concern for all businesses, and NPOs are no exception. The potential damage of a cyberattack or data breach can last for months or years, and some organizations may never be able to fully recover. Thankfully, there are measures that organizations can implement to better protect against or prevent a security incident.

For organizations that would like assistance in getting their cybersecurity up-to-speed, SoftwareONE can help. SoftwareONE’s ONEImpact initiative supports NPOs by removing the barriers to digital transformation to enhance digital security and increase operational efficiency while reducing costs.

As your technology partner, we ensure the safety of your sensitive data by managing your data recovery and backup processes while still allowing you complete control. And, with our nonprofit discount, we're able to provide a set of services to help you achieve long-term impact, regardless of where you're at in your transformation process.

Make an Impact with ONEImpact

Once your data has been stolen, it’s too late. Contact our cybersecurity experts and secure your data today.

Protect My Data

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment


Jessica Motta

Jessica Motta

Global Program Manager

ONEImpact Nonprofit Industry Team

Related Articles

Cybersecurity Updates June
  • 14 July 2022
  • Bala Sethunathan
  • Cybersecurity User Awareness, Cyber Threat Bulletin, Cybersecurity
  • Cyber Security, Information Security

Cyber Security Update June 2022

Several breaches at major healthcare providers, Log4J still a risk for some, cybersecurity skills shortage getting worse not better.

Getting Started with a Cyber Security
  • 12 July 2022
  • Joe Morley
  • Managed Security, Cybersecurity User Awareness, Cloud Security, Cybersecurity, Digital Transformation
  • Cyber Threats, Cyber Attack

Getting Started with a Cyber Security: Attack Types & The Attack Cycle

Charities and nonprofits hear about security a lot. Let’s take it back to basics. This first post outlines how attacks happen and the attack cycle.

Cyber Security Update May 2022
  • 23 June 2022
  • Bala Sethunathan
  • Managed Security, Cybersecurity, Cyber Threat Bulletin
  • Data Security, Security, Ransomware

Cyber Security Update May 2022

Scammers are using more ruthless and sophisticated phishing techniques to acquire confidential data. Don’t let the criminals fool you.