Few nonprofits have an IT department. Many of us figure out our internet, databases, project tools, email, newsletters, and other technology on our own and as we go. Sometimes, when we’re really lucky, someone on staff (a program manager, an intake worker, etc.) just happens to have some tech skills and they end up becoming the ‘go to’ person when we can’t get our workshop materials to print or figure out how to hook up the projector in the storage/conference room. However, nonprofits, particularly smaller nonprofits, are becoming prime targets for cyber attacks because we’re so small and perceived to be less tech-savvy than larger organizations or businesses. And many cyber attackers know we keep valuable information such as donor lists.
Many nonprofit leaders are concerned about cybersecurity. However, we deal with pressing needs on a daily or hourly basis so sometimes something like ‘cybersecurity’ keeps getting pushed to the back burner. Ensuring someone has a place to sleep tonight feels more urgent than protecting our data at this moment. But we need to take steps soon in order to protect our organizations, ourselves, our donors and the people we serve who are often already vulnerable.
Where do we start? What are the threats and risks? What are the first steps we need to take? Without a dedicated technology staff person, how do we implement safety measures? And, even if we do have a tech department, how can we ensure that we’ve got the best security plans in place?
Below are resources, links, articles, and tools to help us understand the risks as small, medium and large-sized nonprofits, protect our data and improve our cybersecurity.
Understanding the Risks
This article from Charity Village is a great place to start. The authors describe risk scenarios, how nonprofits may be vulnerable, the consequences of a cyber breach, and tips to make our organizations safer.
Nonprofit Quarterly shares real examples of large and very small organizations who were victims of cyber attacks, and how it can impact the sustainability and viability of our organizations.
In this blog (part one in a two-part series – see part two below) from TechSoup, the author describes the risks and how cyber attackers may find their way to our organizations. Human error is one of the most common ways we are made vulnerable so learning how the attacks can happen is a great first step in protecting ourselves!
The specific types of data and vulnerabilities that cyber attackers target are detailed in this article from TechSoup. They also identify the kinds of organizations and the type of work that may make us particularly vulnerable. Steps and strategies to protect ourselves and reduce our susceptibility to cyber attacks are also shared.
In part, this article explores how sometimes the security threat is actually inside – our organizations and/or our sector. They also share how cybersecurity is the responsibility of all – staff, leaders and the Board.
How to Protect Ourselves
This article from The Balance Small Business shares practical strategies for creating greater cybersecurity within our organizations. Some of the tips include staying calm and staying informed, which are free, and others may be costlier such as upgrading technology software and hardware. Great tips here.
This is the second in the two-part series (part one is above) from TechSoup. There are only three tips here but they are good strategies and the authors go into great detail about how these measures can really work to protect our organizations.
This article shares practical tips that all nonprofit organizations can implement to protect their data and improve their cybersecurity.
These 5 tips are helpful strategies that can help us improve security. Some of them may require some serious investment but others such as making cybersecurity a priority are free and practical.
Immediately this article dispenses with the popular question many nonprofits may ask themselves, ‘why would anyone want to hack us?’ and shares that nonprofits make up nearly 43% of cyber attacks. The five tips for protecting ourselves shared here by the Huffington Post are practical and inexpensive.
This is a much more in-depth plan of ‘attack’. The author lays out a data governance strategy with 10 steps in order to create a data and cybersecurity protection program within our organizations. This plan may require a greater budget and more human resources than other plans, but if your organization holds a lot of sensitive data then this may be the road to travel.
We hope you found these links helpful, and that with this information we can begin to make our organizations’ data more secure.
Have you got tips, links or resources for data protection or cybersecurity? We’d love to hear about them! Please feel free to share them in the comments below or email us at email@example.com.
Until next time,
The PLC Team