It’s easy to think of nonprofits as less attractive targets to cybercriminals than businesses, but that’s precisely the thinking that puts them at risk. When it comes to information security and privacy, you need to think of donors in the same terms that businesses think of their customers.
Every time someone donates, you collect information such as their addresses and payment details, and donors trust you to keep it safe. If you fail in this obligation, the consequences are just as serious as they are in normal business transactions — reputational damage, compliance breaches, and costly remediation processes, to name a few. To protect your donors, you must do the following:
#1. Automate patch management
Human error is behind most data breaches, even if it is technology that usually gets the blame. A common mistake is deferring critical security updates or failing to install them at all. This leaves vulnerabilities unpatched and open to exploitation by hackers.
Instead of relying on your employees to manually install essential updates, it’s much more efficient to automate patch management company-wide. Automating the process, preferably during off-peak hours, will minimize office disruption and considerably reduce cybersecurity risks.
Also, decade-old hardware or software should be retired as soon as possible because developers stop providing support and crucial security updates for these technologies. Windows 7, for instance, will no longer be supported past January 14, 2020, so companies need to upgrade to Windows 10 soon.
#2. Implement multifactor authentication
Most nonprofit organizations are adopting cloud computing and mobile devices because of the many ways they enhance productivity and reduce costs. The problem is, using these technologies may also increase the organization’s exposure to cyberattacks.
Traditional cybersecurity solutions are no longer enough. Instead, you need to take security to the account level, but there’s more to that than simply enforcing a strong password policy. Any system that deals with the transmission or storage of sensitive data, such as healthcare information or payment details, should have an additional verification measure in place, such as a one-time security token or fingerprint.
#3. Review your mobile device policy
Keeping your data in the cloud rather than storing it on a plethora of organization- or employee-owned mobile devices will go a long way toward keeping it secure. However, if a device is reported lost or stolen, and it’s not adequately protected, an attacker might be able to access the data on it.
Your mobile device policy must clearly lay out the rules and standards for employees, whether they’re using their own devices or those issued by the company. Your policy should include a remote-wiping clause, as well as a blacklist of high-risk apps that might put sensitive data at risk.
#4. Limit access to sensitive data
Whether intentional or accidental, most data breaches stem from inside the organization, and nonprofits are no exception. That’s why it’s always safer to follow the principle of least privilege, whereby employees and volunteers only have access to the systems and information needed for them to do their jobs.
For example, there’s typically no reason to provide field volunteers with access to transaction information if they’re not actively collecting donations. While you can’t completely isolate yourself from internal threats, limiting access to sensitive data goes a long way toward reducing the likelihood of data breaches.
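A least-privilege review like the one described above can be scripted as a periodic check of what each account is granted against what its role needs. The following is an added example, not code from the original article; the role names, resource names, and sample roster are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical baseline: the minimum resources each role needs to do its job.
ROLE_BASELINE = {
    "finance_staff": {"donor_contacts", "transactions", "payment_details"},
    "fundraising_staff": {"donor_contacts", "transactions"},
    "field_volunteer": {"event_schedule"},
}
# Extra access that applies only while a volunteer is actively collecting donations.
COLLECTING_EXTRA = {"field_volunteer": {"transactions"}}

@dataclass(frozen=True)
class Account:
    name: str
    role: str
    collecting_donations: bool
    grants: frozenset

def allowed_for(account):
    """Return the resources this account is entitled to right now."""
    allowed = set(ROLE_BASELINE.get(account.role, set()))  # unknown role: nothing
    if account.collecting_donations:
        allowed |= COLLECTING_EXTRA.get(account.role, set())
    return allowed

def excess_grants(accounts):
    """Map account name to the sorted grants that exceed its entitlement."""
    findings = {}
    for acct in accounts:
        extra = set(acct.grants) - allowed_for(acct)
        if extra:
            findings[acct.name] = sorted(extra)
    return findings

# Constructed sample roster (not real data).
SAMPLE = [
    Account("alice", "finance_staff", False,
            frozenset({"donor_contacts", "transactions", "payment_details"})),
    Account("bob", "field_volunteer", True, frozenset({"event_schedule", "transactions"})),
    Account("carol", "field_volunteer", False, frozenset({"event_schedule", "transactions"})),
    Account("dave", "field_volunteer", True,
            frozenset({"event_schedule", "transactions", "payment_details"})),
    Account("erin", "intern", False, frozenset({"donor_contacts"})),
]

if __name__ == "__main__":
    for name, extra in excess_grants(SAMPLE).items():
        print(f"{name}: revoke {', '.join(extra)}")
```

Accounts with a role missing from the baseline are entitled to nothing, so a forgotten or mislabeled account shows up as a finding rather than passing silently.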
#5. Outsource your security operations
With limited budgets to invest in technology, few nonprofits can afford to have fully equipped and staffed IT departments of their own. Yet that doesn’t mean they don’t need the same degree of information security and governance that large enterprises have. That’s practically impossible to achieve in-house for most organizations, so the best option is to outsource your IT management and security operations to a dependable managed IT services provider. This will also reduce costs by giving you access to resources and expertise on demand and helping you further your mission without adding risk.
A Couple of Gurus offers an array of solutions and services to streamline your nonprofit operations and protect sensitive donor information. Call us today to schedule your first consultation and ensure your nonprofit organization’s safety.