Data breaches are nothing new, and they are no longer confined to for-profit businesses. More and more nonprofit agencies are finding their data compromised, leaving their donors, volunteers and the people they serve vulnerable to identity theft and other serious ramifications.
There are several reasons that nonprofit agencies are increasingly becoming the targets of hackers and the writers of ransomware. One of the most significant reasons for the targeting is the perception that nonprofit agencies often lack the sophistication to protect their data adequately, and there is some truth to this assertion.
Nonprofit agencies often run on shoestring budgets, with little money left over for IT staff or outsourced data monitoring. For many years, some nonprofits have treated security as an afterthought, but these days no one can afford to be blasé about protecting the integrity of their information.
If you run a nonprofit agency or work for one, you need to take a proactive approach to data security. Here are 10 things you can do right now to protect your donors, your customers and the data with which you are entrusted.
- Collect only the information you need. Whether you are collecting money from donors, working with the people you serve or bringing new volunteers onboard, minimize the amount of data you collect.
- Recruit volunteers with solid technical skills. Having volunteer staff with up-to-date technical skills is a great way to protect your data without interfering with the good work you do.
- Store sensitive information offline. If you must store Social Security numbers, credit card data and other confidential information, keep it in an offline database.
- Provide employees and volunteers with the least necessary amount of access. Giving staff members access to only the information they need to do their jobs reduces the chance of data leakage and helps keep everyone safe.
- Train your employees and volunteers on security best practices. Provide each new worker or volunteer with data security training, and hold regular sessions to remind them how important it is to keep the firm’s data safe.
- Install a quality email filter and check it regularly. A good spam filter can reduce the chances of email-based phishing attempts and data breaches.
- Filter internet traffic as well. Just loading a compromised website could put the security of the entire network in danger, and a good filter is your first line of defense.
- Turn on automatic updates for all your connected equipment. Keeping your software up to date is an essential part of data security for nonprofits.
- Schedule an annual security test for your network. Intrusion testing should be an integral part of your data security, and a yearly review will give you, and your customers, peace of mind.
- Require strong passwords for website access. Online access can make it easier to give donations to the nonprofit, but weak passwords can put those donors at risk. By requiring a secure password for the nonprofit website, you force everyone who logs on to take their security seriously.
Nonprofit agencies face significant challenges when keeping their data safe. From the assumption of weak security to the reality of stretched budgets, these difficulties can create real problems. By taking a proactive approach to the safety of your donor, volunteer and customer data, you can enhance data security and make a data breach far less likely.