A growing imperative for nonprofits
Nonprofits have a responsibility to provide secure, resilient, and accessible digital presence for their many diverse stakeholders. Increasing legal requirements demand a secure environment that respects staff’s and beneficiaries’ right to privacy. Many government and private donors have started mandating minimum cybersecurity and data protection standards for nonprofits, and may cease funding organizations that fail to meet their standards.
Why is your nonprofit an easy target?
Like their for-profit counterparts, many nonprofits handle sensitive information which may include donor financial data, health data, personally identifiable information, or other highly confidential matters, which can make nonprofits attractive targets for both state and criminal actors. At the same time, malicious actors know that many nonprofits lack the resources to modernize their technology and sufficiently protect themselves, making them easy targets for attack.
How does your security readiness stack-up?
Whether nonprofit boards and executives know it or not, cybersecurity and data protection are two of the most pressing issues nonprofits face. Any nonprofit operating on outdated hardware and software is putting their organization and their stakeholders at risk. A recent survey by Microsoft shows how many nonprofits struggle to manage their IT infrastructure and data security:
- 60% of nonprofit professionals do not have or know of an organizational digital policy identifying how their organization handles cybersecurity risk, equipment usage, and data privacy
- 74% of nonprofits reported that they do not use multifactor authentication to access agency email and other business accounts
- 92% stated their staff could access organizational email and files using their personal device
These statistics demonstrate many nonprofits have a significant amount of work to do to bring their cybersecurity and privacy practices up to date. Considering that 43% of cyberattacks target nonprofits and small organizations, the case is clear: nonprofits must take the necessary steps to protect their donors and beneficiaries.
Six important Cybersecurity questions
Breaches, compromised data, and cyberattacks can put your workers, beneficiaries, and your organization at risk, disrupt nonprofit operations and services, expose nonprofits to liability, and tarnish the reputation they have painstakingly built. Consider the following cybersecurity questions for your organization:
- Can you identify the security risks within your nonprofit?
- What safeguards do you have in place to protect against security threats? Do you have access control procedures? Is your staff trained on security awareness? Did you establish data security practices?
- Can you detect security incidents?
- Can you respond to security incidents? Do you have a plan in place?
- How do you recover from a security incident?
- Have you implemented specific, high-value security controls such as backups, software updates, multifactor authentication, remote access policies, system monitoring, and restrict or managing usage of personal mobile devices?
Cloud Solutions for your Cybersecurity Problems
It’s clear that nonprofits face several challenges in developing and implementing effective cybersecurity and data protection compliance. There are no magic solutions. However, in many cases, cloud computing can help nonprofits achieve their cybersecurity and privacy goals in many ways:
- Focusing resources. By allowing organizations to pay only for the computing resources they need, when they need them, cloud computing can save nonprofits money, enabling them to invest more of their time and resources on their core missions.
- Simplifying governance. Because applications and services are hosted in datacenters that are operated and maintained by the cloud service provider, cloud computing reduces the burden on nonprofits to install, maintain, and update hardware and software.
- Cloud security. Perhaps most significantly, the cloud also delivers an immediate step change in security for nonprofit, without a large upfront investment. This is valuable for both cybersecurity and data protection compliance.
Learn more. We recommend that you check out these 4 Key Areas of Intelligent Security for Nonprofits.