As a result of alleged Russian interference in the 2016 U.S. Presidential election, hacking has been in the news nonstop. Unfortunately, most Americans are unaware of the extent their cyber systems are at risk and what this means to their organizational success and their personal lives.
As a nonprofit leader, you might be thinking, "Not us, we're not the kind of business or organization criminals are interested in; we don't have the big money or the kind of data criminals want to access." But, you would be wrong. Nonprofits are a potential treasure trove of data that bad actors might want to access.
What makes nonprofits so attractive to bad actors?
First, nonprofits have just the kind of personal information that criminals find attractive:
- Employee personal identification information
- Donor financial information
- Member contact information
This information can be use to steal money outright or act as a means of identity theft, access to additional systems, etc.
Second, nonprofits’ networks tend to be distributed and accessed by a wide number of users (staff, members, donors, clients, supporting collaborative organizations, etc.), providing bad actors a variety of potential physical and virtual access points.
Finally, nonprofits tend not to invest adequately in preventing and preparing for cybersecurity issues. According to the most recent Not-for-Profit Governance Survey by CohnReznick, only 29% of respondents reported completing a cybersecurity vulnerability assessment or test. Additionally, most respondents said they would be spending the same or less on protecting their data in the coming year. Bad actors understand that cybersecurity isn't a priority for nonprofits, often because many are strapped for resources and see the cost relative to gain as too great.
Why is it important to prevent and be prepared for a cyber attack or other potential threats to cyber systems and data?
Nonprofits are reputation-based organizations: Employees need to believe the organization is protecting their personal information; donors need to believe their financial and contact information is protected; clients need to believe their medical, financial, or personal information is not subject to compromise; and members want to know their contact information is not being released to unauthorized people or organizations.
When--not if--a nonprofit's cyber systems are attacked and the data is compromised, the nonprofit's very existence may be at stake. If employees, members, clients, or donors do not believe the organization did everything it could to prevent the incident or was not prepared to respond appropriately, the nonprofit's mission may never recover. Clients, members, and donors may simply walk away and find another organization to meet their needs or make better use of their support.
To help you and your organization prepare for and respond to potential cyber threats, we encourage you to join our four-hour Cybersecurity for Nonprofits 101 class on August 25th. Our newest trainer, Kathy Helms is a retired Naval officer who worked signals intelligence and cyber mission for more than 25 years. She has developed a course to help nonprofit leaders understand the cybersecurity threat, why they should be concerned about cybersecurity and their organizational responsibilities, as well as how they can lead their organizations in meaningful ways to counter cybersecurity threats.
This course is recommended for nonprofit executives, program directors, and IT staff responsible for ensuring the integrity of their information technology systems that support every element of their business operations.
Read the full class description and register online.
Kathy Helms holds an M.S. in Systems Technology - Space Systems Operations from the Naval Postgraduate School in Monterey, CA, and an M.S. in Cybersecurity from the University of South Tampa. She's currently a doctoral student at USF and teaches leadership development courses for the Office of Personnel Management for federal agencies throughout the United States.