Cyber security is a very sensitive subject these days. Many are aware that a data breach can happen, but many still think “It will never happen to us.” or “Our non-profit is too small, security breaches only happen to larger organizations”. Small, medium, or large; every non- profit should take proper measures to make sure their donor data is secure from a cyber breach.
Three questions every nonprofit should ask themselves:
-Do we process donations or event registrations with payment on our website?
-Do we save and store personal information of our employees, volunteers and donors? (personal information being- employee records, social security numbers, driver’s licenses, addresses, bank account numbers for direct deposit for employees, and donation payment information, such as card numbers, checking account numbers, and even investment account numbers from stock gifts.)
-Do we collect and store information about our donors, subscribers to newsletters, and patrons/ event attendees?
If you answered YES to any of these questions, you are at risk for a data breach! So, what can your organization do and what are the next steps to make sure your non-profit is more secure?
First, assess your risks and review the places that could result in a data breach, then implement a data security plan. When collecting and storing data…where is it stored… the cloud or customized data entry system for your organization that is saved in house? How do we collect the info we store? And finally, who oversees managing the collected data for donors, event attendees, and even employees? Is sensitive information only available to a limited amount of organization members? Training all employees and volunteers to collect and dispose of information correctly and carefully will help aid in preventing a data breach.
Many nonprofits employ help to maintain their company from outside sources like bookkeeping, IT, payroll, and even data backup and storage. Some organizations collect and process donations thru a third-party source, which may not be as secure and can be breached. Not only is protecting in house data important, making sure all third-parties have a very strong data security plan in place as well, will protect your non-profit from a third-party data breach.
How does your organization prevent data breaches?
Tips for secure passwords:
-Changing passwords for all software which contains donor, event attendee, and employee data
-Make passwords the longest length allowed (example 8 characters, 12, characters, 16 characters)
-Change any password with an employee’s name, the word “admin”, or any other basic information
-Use upper and lower-case letters, numbers, and symbols to make your password complicated
-Add a password authenticator encryption device like a 6-digit code generator (These authenticators are very easy to use. You can even download an app for one on your smart phone!)
Tips for Website Security:
-All nonprofits accepting donations or event attendance payments through your website-choose a secure company to accept, process, and transfer funds to your account
-Change your website back office password with a lengthy password with letters, numbers, and symbols
-Add encryption to your website back office password (This authentication device will help prevent any hackers from taking over your website, redirecting donations and payments to another account, and hurting your sites credibility)
You can protect your non-profit from a cyber security breach by assessing risks, training all employees and volunteers on how to securely handle data, and making sure all third-parties securely handle your data. These measures will help your organization prepare and will help prevent a cyber security attack in the future. While unforeseen instances may occur, being prepared for them by having a security plan and even investing in cyber liability insurance may help your non-profit to be protected from an unforeseen event! A few upcoming Schenley blogs will be on the topic of Liability Insurance, what is it, and how much coverage would your non-profit need to be protected? Don’t forget, Schenley can review your organizations investment portfolio and insurance! Call us for your organizations personal review today!
Written by: ||cassandra hartman, office manager||