A growing imperative for non-profits
Non-profits have a responsibility to provide secure, resilient, and accessible digital presence for their many diverse stakeholders. Increasing legal requirements demand a secure environment that respects staff’s and beneficiaries’ right to privacy. Many government and private donors have started mandating minimum cybersecurity and data protection standards for non-profits, and may cease funding organizations that fail to meet their standards.
Why is your non-profit an easy target?
Like their for-profit counterparts, many non-profits handle sensitive information which may include donor financial data, health data, personally identifiable information, or other highly confidential matters, which can make non-profits attractive targets for both state and criminal actors. At the same time, malicious actors know that many non-profits lack the resources to modernize their technology and sufficiently protect themselves, making them easy targets for attack.
How does your security readiness stack-up?
Whether non-profit boards and executives know it or not, cybersecurity and data protection are two of the most pressing issues non-profits face. Any non-profit operating on outdated hardware and software is putting their organization and their stakeholders at risk. A recent survey by Microsoft shows how many non-profits struggle to manage their IT infrastructure and data security:
- 60% of non-profit professionals do not have or know of an organizational digital policy identifying how their organization handles cybersecurity risk, equipment usage, and data privacy
- 74% of non-profits reported that they do not use multifactor authentication to access agency email and other business accounts
- 92% stated their staff could access organizational email and files using their personal device
These statistics demonstrate many non-profits have a significant amount of work to do to bring their cybersecurity and privacy practices up to date. Considering that 43% of cyberattacks target non-profits and small organizations, the case is clear: non-profits must take the necessary steps to protect their donors and beneficiaries.
Six important Cybersecurity questions
Breaches, compromised data, and cyberattacks can put your workers, beneficiaries, and your organization at risk, disrupt non-profit operations and services, expose non-profits to liability, and tarnish the reputation they have painstakingly built. Consider the following cybersecurity questions for your organization:
- Can you identify the security risks within your non-profit?
- What safeguards do you have in place to protect against security threats? Do you have access control procedures? Is your staff trained on security awareness? Did you establish data security practices?
- Can you detect security incidents?
- Can you respond to security incidents? Do you have a plan in place?
- How do you recover from a security incident?
- Have you implemented specific, high-value security controls such as backups, software updates, multifactor authentication, remote access policies, system monitoring, and restrict or managing usage of personal mobile devices?
Cloud Solutions for your Cybersecurity Problems
It’s clear that non-profits face several challenges in developing and implementing effective cybersecurity and data protection compliance. There are no magic solutions. However, in many cases, cloud computing can help non-profits achieve their cybersecurity and privacy goals in many ways:
- Focusing resources. By allowing organizations to pay only for the computing resources they need, when they need them, cloud computing can save nonprofits money, enabling them to invest more of their time and resources on their core missions.
- Simplifying governance. Because applications and services are hosted in datacenters that are operated and maintained by the cloud service provider, cloud computing reduces the burden on nonprofits to install, maintain, and update hardware and software.
- Cloud security. Perhaps most significantly, the cloud also delivers an immediate step change in security for non-profits, without a large upfront investment. This is valuable for both cybersecurity and data protection compliance.
Want to learn more? We recommend that you check out these 4 Key Areas of Intelligent Security for Non-Profits.