What Can You do About Data Security at your Nonprofit? Plenty!

Reports of new data breaches have, unfortunately, become more and more common. Recently, UniCredit, an Italian bank and financial services company, revealed that it had a data breach involving 3 million customers. The source of the breach was a compromised file created in 2015.

Many times the cause of data breaches is as simple as an unchanged password. The Washington Post reported that the Dropbox breach that revealed the emails and passwords of over 68 million Dropbox users was the result of an employee using the same password from another website that had been hacked. Other stories tell of people using “Password” or “12345678” or similarly easy to guess passwords.

It’s easy to think that these data breaches won’t happen to nonprofits, but nonprofits are targeted, too. Save the Children was hacked twice in 2017 and lost more than $1M to an email scam.

In fact, charities can be attractive targets because they have personal information, sometimes medical information, as well as financial information. In an article for Insurance Business Magazine, Frank Tarantino, Charity First Insurance Services, Inc., notes that healthcare and higher education are particularly at risk but all nonprofits need to be prepared.

“Healthcare related organizations store vast numbers of medical records, social security numbers, and credit card details. This information is very valuable to hackers to either sell on the black market, or to use the information themselves to apply for credit cards, loans, or to participate in any other type of fraudulent activity,” he says.

Since fundraising is all about good relationships with donors and prospects, nonprofits have an extra incentive to protect their donors’ data.

What Can We Do to Protect Our Data?

Does your nonprofit have a data security policy in place? Know it and use it! If your organization doesn’t have one, you might want to suggest developing one.

You may be wondering, what can you do personally to protect your organization’s data?

Here are a few tips:

• Do NOT Email Donor and Prospect Information. Email is NOT a secure method to transmit data, most especially Social Security numbers and medical records, even if it is to another employee. Many nonprofits have an internal shared drive where files can be saved and retrieved. At Aspire we securely share donor prospect information with clients using DropBox, cloud-based file sharing software. Consider how to transmit data securely when working with anyone outside of your organization, such as consultants, marketing companies, etc.
• Create Strong Passwords. Here are some strong password tips. Moreover, change them periodically. Many organizations may require passwords to be updated every few months. If remembering your passwords is challenging, consider using a password manager that helps secure and manage all your passwords.
• If a password gets compromised, change it. If you use the same password for several accounts or websites (which isn’t advisable), and one of them is compromised, you should change them all immediately to prevent what happened to Dropbox happening to your organization.
• Run anti-virus software constantly on your computer. That way, you can stomp out the problem in the first place. Some anti-virus software will also advise on what websites to open, so it’s good to heed their warnings. Make sure to keep your software up-to-date since threats keep evolving and anti-virus software companies are constantly fighting back.
• Keep your computers secure with passwords. Many nonprofits issue laptops to their employees. These laptops can be easily stolen if left unsecured in public places. Moreover, the computers should require login and password information that you should use every single time! If the computer is physically stolen, it’s harder for the thieves to access the data on the computer.
• Find out what the policies are with your third-party vendors. Your organization might be buttoned up tight against data breaches, but that may not be enough. Talk with vendors and other third parties to find out what they are doing to secure data for their customers.

These are just a few ways that you can help to safeguard the data of your organization. Learn more with the resources below. Why bother? Because your donors, prospects, and beneficiaries are worth it!

Additional Resources

• Cybersecurity for Nonprofits l National Council of Nonprofits
• Cybersecurity for Small Businesses l FCC.gov
• Small Business Cybersecurity l US Small Business Administration
• Phishing Card Tip l Homeland Security
• The 21 scariest data breaches of 2018 l Business Insider 2018
• UniCredit reveals data breach exposing 3 million customer records l ZDNet 2019
• Hacked Dropbox login data of 68 million users is now for sale on the dark Web l Washington Post 2016
• Save the Children Hacked Twice in 2017 l The Non Profit Times 2018
• Non-profits are a target for data breach l Insurance Business 2019
• Choosing and Protecting Passwords l Homeland Security CISA Cyber-Infrastructure