Estimated reading time: 2 minutes, 58 seconds
Nonprofit Security Issues
The large-scale data breaches at several major retailers should serve as a reminder that any organization, even a non-profit, that collects personal information is obligated to keep that information secure by complying with privacy regulations and confidentiality provisions for their state.
The effects of a data breach on your organization are far reaching; a breach could result in downtime, loss of reputation and/or constituents and even legal action depending on the severity of the breach.
If securing your data it isn’t already a primary issue for your organization it is time to make it one. The first step is to map out where your organization is most vulnerable.
Internal
While many people assume the greatest risk comes from outside the organization that isn’t true. Data breaches aren’t limited to high tech hackers cracking into an organization’s database, snooping by current staff members also poses a significant risk factor.
Also, not every data breach is the result of a deliberate theft. Something as simple as losing an unencrypted USB drive could result in a breach. Organizations can limit that risk by carefully monitoring who has access to a donor’s personal information. While it is true that non-profit staff members often wear many hats, the best way to keep the data secure is to have separation of duties.
In addition, it is a good idea to limit who has access to the information. Make use of your software’s administrative features and grant access to information on an as needed basis. For example, a part time volunteer whose primary responsibility is to answer phones should have limited access to the database.
Better yet, don’t collect any information that you don’t need. For the most part, there is no reason why a non-profit should need to collect a donor’s social security number. Remember they can’t steal it if you don’t have it.
External
While large businesses and organizations remain a juicy target for hackers, experts believe that more small to midsize organizations will come under attack in the coming years. Hackers infiltrating your computer system and hijacking the information is the biggest threat, but small threats exist too.
For example, malware is one trick data thieves use to get virus into a computer system. The malware arrives in an email, usually from an unknown sender; the recipient opens it, which allows the virus to infect the entire network. The only way to prevent malware from entering the system is to not open emails from unknown senders.
Also, outfitting every staff member with a tablet or iPad may improve efficiency but it can also lead to data breaches if the staff member loses the device. Using the device on an unsecured wireless network or mobile hotspot can lead to data loss.
Your organization should have a policy in place that ensures that all devices have passwords and that they are all checked in/out and they should all have their firewalls and privacy settings kept up to date.
How to Keep Your Organization Safe
Obviously, if it is within your organization’s budget the best prevention is to have a full time IT staff member who keeps abreast of threat risks, bugs, and software patches.
However, that is not enough your organizations should have policies that clearly states how staff members can use technology and the ramifications for misuse.
In today’s digital society, vigilance is the key to keeping your organization’s data safe.
Latest from Jennifer Flaten
Most Read
-
-
Feb 16 2009
-
Written by Kurt Martin
-
-
-
Jul 22 2016
-
Written by Jennifer Flaten
-
-
-
Sep 12 2013
-
Written by Jennifer Flaten
-
-
-
Jun 25 2010
-
Written by Bob Alves
-