Hartman Executive Advisors

A Guide To Nonprofit Data Breach Protection

March 22, 2018 by The Hartman Team

Nonprofit organizations are particularly vulnerable to data breaches, mainly due to inconsistent security policies and the large amounts of sensitive data they collect and use in their daily operations. Nonprofits and other small businesses are often considered “soft targets,” and cyber-criminals increasingly go after them, which makes the situation even worse for these organizations. Hyper-focused on their missions, nonprofits often direct their limited funds toward serving their constituents.

Unfortunately, this sometimes means that cybersecurity takes a back seat, and employees and volunteers are left in the dark about cyber best practices. This lack of knowledge opens the door to a range of attacks that could include rerouted donations, extortion by holding data hostage, stolen personal information, or hacked websites.

How Nonprofits Can Protect Their Networks & Data

These days, you don’t need to be a cybersecurity expert to understand the business consequences of a data breach, including decreased revenue, damaged reputations, and even closure. Yet, when it comes to nonprofit organizations, a slowdown or shutdown of operations due to a breach not only affects the organization, but also the population that relies on its services. The after-effects of a breach could mean the need to reduce or suspend essential services, including shelter, meal delivery, healthcare, and disaster relief. As a result, the organization may face additional consequences as donors, members and other funders lose confidence in the organization.

Nonprofit leaders can take basic steps to protect their network and their data, allowing them to continue to provide vital services to communities in need.

Step 1: Assess Your Current Cybersecurity Posture

The first step to improve cybersecurity is to understand the organization’s current risks and vulnerabilities through a comprehensive security assessment completed either internally or by a third-party advisor. An assessment will reveal the type of data the nonprofit collects, as well as how it’s stored, used, backed up, and retained. It will also help identify missing or weak protocols regarding passwords, software updates, and firewalls. For organizations that collect and maintain personally identifiable information (PII), or data covered by requirements such as HIPAA or NIST, an assessment will determine adherence to those regulations, and what the financial risks are to the organization based on their current environment.

Step 2: Manage Your Level Of Risk

An assessment provides information about an organization’s vulnerabilities, but unless action is taken, the risks will continue at the same level. At this stage, it’s crucial for nonprofits to work to analyze the results, comprehend the threats, and prioritize them so they can be managed effectively through various risk management strategies.

It’s not always possible to fully eliminate a risk. However, there are usually several options for mitigation. In many situations, nonprofits can:

  • Change or stop the activity causing the risk
  • Implement measures to continue the activity, but decrease the risk associated with it
  • Outsource the risk activity and transfer the risk to a third party, such as a cyber insurance provider
  • Develop a longer-term plan to reduce these risks over time, based on a relative risk-to-cost analysis

Step 3: Prepare For The Worst

Regardless of the source of a breach, nonprofit leaders need to be prepared to respond to both internal and external stakeholders afterward. A documented, flexible incident response plan is critical to this preparation, and may even be required depending on the regulations governing the organization, including the Payment Card Industry Data Security Standard (“PCI DSS”), to which most nonprofits are subject.

Equally important is a competent and practiced incident response team that can put the plan into action. The best plans clearly outline responsibilities and guide organizations through specific steps to follow in the event of a breach or other cyber incident. As reputation and public scrutiny are critical to most nonprofits, the ability to quickly respond to a negative situation in a competent manner is crucial, increasing the likelihood that services for those in need can continue without interruption.

Step 4: Prioritize Training & Education

While attackers continue to find innovative ways inside organizations, the majority of data breaches are the result of negligent employees or contractors. Too often, these individuals, and also volunteers, are unaware that certain actions, such as opening attachments or using weak passwords, could expose sensitive information and have an irreversible and detrimental effect on the organization.

Comprehensive, ongoing education and training are crucial to risk mitigation, and direction should always come from the top. Read more about how to establish a culture of cybersecurity.

Reach Out To The Nonprofit Cybersecurity Experts

Nonprofits need to be vigilant about cybersecurity to protect not only their assets and reputation but the individuals who rely on their operations. Leaders who recognize the reality of a potential breach can take steps to mitigate risks and stay ahead of threats through proactive cyber risk management.

If you’re a nonprofit executive who is ready to get serious about cybersecurity, contact Hartman today to start a conversation about your unique situation.

Filed Under: IT Strategy,  Leadership
