From data loss to data breach, the consequences of a security failure can be substantial. Trillions of dollars are lost every year because of cybersecurity attacks, many of which are ramping up across the globe and targeting small-to-midsized businesses. Nonprofit organizations are particularly vulnerable, because many may not have resources allocated to properly secure their IT systems.
Not only are security threats constantly increasing, but their consequences are also significant. Sixty percent of the small businesses that suffer from a security breach will be out of business within six months. For nonprofits, losing data and potentially losing grants could be disastrous.
The total cost of a data breach averaged $3.62 million in 2017. These high costs have led many businesses to purchase data and IT-related insurance. Though this insurance can protect a business from the direct costs of data loss, it cannot protect it from the associated damage to its reputation.
Protecting your data is primarily about being prepared for the worst. It's not always a cybercriminal who causes damage to an organization's data. In fact, very often, it's simply an untrained employee. To protect yourself, you need to build out a strategic plan that includes strict data management processes. Your strategy should include the following:
A preparedness plan outlines who is responsible for data and data security, in addition to the processes that should be used to protect the data and what should be done in the event of a data breach.
Data should be backed up regularly, and those backups should be encrypted to prevent data compromise. This protects your organization from ransomware and other data loss issues.
Users should always be limited to the data that they need to do their work. Employees who exit from the company should have their data permissions revoked immediately during offboarding.
Security standards and regulatory compliance requirements change from year to year; schedule seminars for IT-related and management positions to keep current with changes.
A third-party audit will go over any risks inherent to your current security and will provide recommendations for improving it. This gives you a professional perspective on your security standards.
Over time, the needs of an IT department will change. IT departments can fall behind on modern security standards quite easily, as cybercriminals are advancing in their techniques and strategies every day. Additionally, as an organization operates, many business processes may shift. Organizations can slowly drift towards less-than-comprehensive security measures as new staff members are onboarded and new technologies are added.
Regular third-party IT audits are necessary to gain outside perspective from experienced professionals. Not only are audits able to identify high-risk factors, but they can also give actionable steps towards both improving and optimizing security processes. Regular IT audits can also serve as reassurance to investors, customers, and vendors that data is being protected at a company-wide level and that all efforts are being made to reduce risk.
As modern companies add Internet of Things devices, move their data to the cloud, and integrate third-party applications, they lose more control over their own network and systems. But these new technologies are essential for companies that want to remain up to date. To protect data while still leveraging advanced technology, nonprofits need to be mindful about their data security from the beginning. Your nonprofit organization can get started today with a comprehensive security assessment.