When you think of cybersecurity and data breaches, large government, financial, and retail entities typically come to mind. Since we tend to hear only of breaches at big-name, for-profit entities, many in the not-for-profit space tune it out, thinking these are problems only businesses experience.
The reality is that data breaches can occur at any organization. Analysis of data breaches continues to highlight that more and more not-for-profits are being targeted. Surprised? Most are. The reason is that while large retailers and financial institutions have a huge target on them (no pun intended), they also have extensive security systems, so hackers are now turning to not-for-profits instead. Why try to break into the equivalent of Ft. Knox when you can walk right into a small non-profit’s back door?
According to Verizon’s DBIR, 96% of attacks are not very difficult, which means even novice hackers can exploit most systems. Yet the report points out that many cyber attacks could be prevented through a more vigilant approach to cybersecurity.
Unfortunately, these breach events can do irreversible damage to an organization’s reputation and its financial stability. Loss of reputation alone can force a smaller non-profit to shut its doors, as the breach is almost guaranteed to get picked up by the local media and social networks. Keep in mind, even if your not-for-profit does survive the reputational loss, the costs of settlements, notifying affected parties, and monitoring breached parties are sure to put a financial strain on the organization. These costs are not covered by general insurance, but by cybersecurity insurance, which many not-for-profits either don’t have or have with inadequate coverage.
Remember this: the worst possible decision is to do nothing. A not-for-profit does not have to spend significant resources on information security in order to protect the organization – but it should have some funds dedicated to cybersecurity. Regardless of the focus of your not-for-profit, technology is now a part of everyday life and business. And if you collect donations like most not-for-profits, you are probably collecting and storing, in some capacity, sensitive information that hackers may find very valuable in an attack (such as names, addresses, credit card information, etc.). Also bear in mind that a data breach doesn’t just equate to a cyber attack. It can also result from human error, such as a misplaced laptop, smartphone, or flash drive containing sensitive information.