With our limited resources, staying secure is often overlooked. But nonprofit cyber security needs should be top of mind. Nonprofits store a ton of personal information online, such as donor data, credit card information, and staff employment and health insurance details. Imagine how your donors would feel about sharing any information if a breach in cyber security put them at risk.
In July, Third Sector Today discussed cyber security with digital strategist Chris Dufour in Cyber Security Q&A: Nonprofits at Risk.
When asked what is important for nonprofits to understand about security, Dufour said, “I hear that it’s just not a big deal: ‘Who would want to hack my organization?’ Well, if you’re not spending ANY attention on your own cyber security, then how do you know WHO’S a threat to you? You don’t. In many cases, you’ll never know.
“But there’s some simple things you can do to make your nonprofit appear to be less of a target, which is all it takes sometimes to deter a hack,” Dufour confirmed, sharing his observations.
In Nonprofit Cyber Security – How to Lock Your Electronic Door Part I and Part II, Joseph Steinberg provides tips for cyber security:
- Commit – Be active and don’t let security be set aside.
- Design – Create a cyber security plan. Keep a calendar of monthly to-dos or set reminders. Maintain a chart of when information should be updated, when passwords should be changed, and when to remind employees of policy updates and additions.
- Permission – Set policies that state who has access to what. Not every employee needs access to all the personal information of other employees or donors.
- Respect – Employees should respect and conform to all policies. This is important for organizations of all sizes. Each department should understand and apply its policies, and the overall protocols should be familiar to all staff members.
- Don’t Store – Understand credit card security rules. This is easy: Never store credit card information. This may be a hassle for regular donors and event ticket buyers, but it will keep their information safe.
- Encrypt – Encrypt any personal data that must be stored.
- Update – Regularly update your computer’s firewall, virus protection, and even passwords. Send reminders about these updates. This can be every month or two.
And don’t forget: Always back up your data. It can be through the cloud, on another device, or even paper.
When asked about storing data, Dufour said, “Just take appropriate security precautions ALWAYS when storing data in the cloud. Use SUPER-STRONG password strings and don’t hang everything in the same place. Aim to make it as difficult as you can for a potential attacker to get over your castle wall.”
- Does your organization promote security?
- Can you restore data if your computer crashes?
- Are you protected from viruses and worms?
- Are you safe from malicious hackers?
- Is your mailing list safe from spammers?
- Are your confidential files safe?
- Are you prepared for the worst?
On that note, don’t you want to change some passwords and back up some data now?
For more on security internally and online:
Computer Security Practices in Nonprofit Organizations