A Guide To Nonprofit Data Breach Protection

March 22, 2018 by The Hartman Team

Nonprofit organizations are particularly vulnerable to data breaches, mainly because of inconsistent security policies and the large amounts of sensitive data they collect and use in their daily operations. Nonprofits are often considered “soft targets”, and cyber-criminals increasingly go after them and other small businesses, which makes the situation even worse for these organizations. Hyper-focused on their missions, nonprofits often direct their limited funds toward serving their constituents.

Unfortunately, this sometimes means that cybersecurity takes a back seat, and employees and volunteers are left in the dark about cyber best practices. This lack of knowledge opens the door to a range of attacks that could include rerouted donations, extortion by holding data hostage, stolen personal information, or hacked websites.

How Nonprofits Can Protect Their Network & Data

These days, you don’t need to be a cybersecurity expert to understand the business consequences of a data breach, including decreased revenue, damaged reputations, and even closure. Yet, when it comes to nonprofit organizations, a slowdown or shutdown of operations due to a breach not only affects the organization, but also the population that relies on its services. The after-effects of a breach could mean the need to reduce or suspend essential services, including shelter, meal delivery, healthcare, and disaster relief. As a result, the organization may face additional consequences as donors, members and other funders lose confidence in the organization.

Nonprofit leaders can take basic steps to protect their network and their data, allowing them to continue to provide vital services to communities in need.

Step 1: Assess Your Current Cybersecurity Posture

The first step to improving cybersecurity is to understand the organization’s current risks and vulnerabilities through a comprehensive security assessment, completed either internally or by a third-party advisor. An assessment will reveal the type of data the nonprofit collects, as well as how it is stored, used, backed up, and retained. It will also help identify missing or weak controls regarding passwords, software updates, and firewalls. For organizations that collect and maintain personally identifiable information (PII), or data covered by requirements such as HIPAA or NIST, an assessment will determine adherence to those requirements and what the financial risks to the organization are, based on its current environment.

Step 2: Manage Your Level Of Risk

An assessment provides information about an organization’s vulnerabilities, but unless action is taken, the risks will continue at the same level. At this stage, it’s crucial for nonprofits to work to analyze the results, comprehend the threats, and prioritize them so they can be managed effectively through various risk management strategies.

It’s not always possible to fully eliminate a risk. However, there are usually several options for mitigation. In many situations, nonprofits can:

  • Change or stop the activity causing the risk
  • Implement measures to continue the activity, but decrease the risk associated with it
  • Outsource the risk activity and transfer the risk to a third party, such as a cyber insurance provider
  • Develop a longer-term plan to reduce these risks over time, based on a relative risk-to-cost analysis

Step 3: Prepare For The Worst

Regardless of the source of a breach, nonprofit leaders need to be prepared to respond to both internal and external stakeholders afterwards. A documented, flexible incident response plan is critical to this preparation, and may even be required by the regulations the organization is subject to, including the Payment Card Industry Data Security Standard (“PCI DSS”), which applies to most nonprofits.

Equally important is a competent and practiced incident response team that can put the plan into action. The best plans clearly outline responsibilities and guide organizations through specific steps to follow in the event of a breach or other cyber incident. As reputation and public scrutiny are critical to most nonprofits, the ability to quickly respond to a negative situation in a competent manner is crucial, increasing the likelihood that services for those in need can continue without interruption.

Step 4: Prioritize Training & Education

While attackers continue to find innovative ways inside organizations, the majority of data breaches are the result of negligent employees or contractors. Too often, these individuals, and also volunteers, are unaware that certain actions — opening attachments, using weak passwords — could expose sensitive information and have an irreversible and detrimental effect on the organization.

Comprehensive, ongoing education and training is crucial to risk mitigation, and direction should always come from the top. Read more about how to establish a culture of cybersecurity.

Reach Out To The Nonprofit Cybersecurity Experts

Nonprofits need to be vigilant about cybersecurity to protect not only their assets and reputation but the individuals who rely on their operations. Leaders who recognize the reality of a potential breach can take steps to mitigate risks and stay ahead of threats through proactive cyber risk management.

If you’re a nonprofit executive who is ready to get serious about cybersecurity, contact Hartman today to start a conversation about your unique situation.
