For organizations seeking to decrease their cybersecurity vulnerabilities, the first step is getting a comprehensive understanding of the current risk environment. The extent of damage a potential threat can cause will vary between NPOs, but the risk is never zero. Knowing how much risk an organization faces is key to implementing effective, protective countermeasures.
To start, what kind of data does your organization collect, store, and transmit? Do you conduct e-commerce activities, such as collecting donations online? Do you collect Personally Identifiable Information (PII) from your donors or volunteers, including full names, email addresses, Social Security numbers, driver’s license numbers, or other personal information? The more data you possess, the more data you are ultimately responsible for protecting.
Next, where and how is the data being stored? Who has access to stored data? Is local infrastructure being used, or does the organization store information in the cloud? Physical infrastructure and cloud storage have different strengths and weaknesses. In general, though, an intentionally designed cloud environment is not only more secure from outside threats but also offers more options for recovering lost or compromised data, and it should be strongly considered by organizations that have not yet committed to digital migration.
Finally, how does the organization transmit data? Data transmission can often be one of the more significant vulnerabilities that NPOs struggle with. Any time data is sent from one location to another, there is a risk of interception. Recently, the risk of insecure data transfer has increased as more and more individuals have begun accessing critical data from personal mobile devices or using personal digital storage solutions, like Dropbox or Google Drive, to transfer information.