You might think it could never happen to you, but one morning you find out your website no longer exists or it’s connected to a site you’re ashamed to show. Don’t think your small nonprofit would be of interest to a hacker? Well, according to a recent FBI report, there’s been a 270% increase in online fraud and cyber scams in the past two years, and smaller organizations and nonprofits tend to be the latest targets. Hackers find these organizations to be less technically savvy and lacking in security measures that protect their websites and other technology, making them an easy target. Not only is it terribly inconvenient to have your business operations taken over by a hacker, it also raises multiple ethical and legal issues to consider.
Here are a few reasons to be concerned:
- Conducting nonprofit business often requires collecting information protected by law as confidential. A breach in this confidentiality poses a risk for individuals whose data has been disclosed and puts the nonprofit in a position of being subject to liability for the breach.
- Many nonprofits use a website URL that ends in .org, which can help them rank higher and have better visibility in donor searches. However, this also makes them easier for hackers to find.
- If you do any e-commerce on your website, such as processing donations or event registrations, personal payment information could be compromised or stolen.
- Information handled by nonprofits is of interest to hackers, including donor information, client records, confidential emails, the habits and preferences of donors and patrons, and other data.
Donor and client trust are imperative for nonprofit operations. Having to notify your donors or clients that their personal information (such as medical information, employee records, social security numbers, driver’s license numbers, etc.) has been compromised could result in serious consequences for the nonprofit.
So what’s a nonprofit to do?
- Start by attending the upcoming Spokes workshop: “Don’t Get Hacked!” Thursday, March 7, 9-11 a.m., facilitated by Rony Krell. You’ll learn to better understand the cybersecurity landscape, the costs of data breaches, and proactive strategies you can take to protect your nonprofit. Each participant will receive an actionable cybersecurity checklist to take back and use at their nonprofit. The information will be presented in a way that won’t require any technical expertise to understand.
- Take an assessment of your data to determine what data you store on individuals, where the data is stored, how much you actually need, and what data you could do without. This simple one-page inventory tool will help you think through this process.
- Determine whether the data you collect and maintain is considered “personally identifiable information” by federal or California regulations. If so, there are several steps you would have to take to inform those affected of a security breach. Look in the resources section below to prepare for this possibility.
- Learn how to secure your data and take the necessary steps to make that happen, such as making sure you have proper firewalls, virus protection, and regular file backups.
- Be sure your website has an HTTPS certificate, which encrypts data transmitted between your website and users’ browsers. If you use laptops, consider encrypting the hard drives to scramble data until an encryption key is used. This won’t protect against hackers, but it will protect against anyone who might have physical access to your computer.
All of this might sound complicated, but you can easily learn the basic steps to enhance your cybersecurity in our upcoming workshop, “Don’t Get Hacked!” Be sure to visit the additional resources for more information and several downloadable tools and resources.