There’s nothing like a data breach to wreak havoc on your organization and kill the giving spirit of your donors. According to Score.org, 50% of nonprofits have experienced a ransomware attack. It’s no longer an “if” but a “when,” and when it happens, will your organization be able to recover from a cyberattack? Cyberattacks hit the nonprofit industry the hardest in 2020 due to increasing medical needs, remote work, and digital sharing of private information during the COVID-19 pandemic. Read below on how you can prepare your organization in the event of a cyber attack.
Nonprofits are often easier targets for hackers due to the amount of personal information they store on donors, their use of third-party applications, and the lack of cyber security safeguards they have in place.
The first step towards a fully protected organization is a multi-faceted risk assessment. Together we will perform a vulnerability assessment to discover potential entry points for hackers, back up all data, provide security training to employees, and create an incident response plan with clear steps following an attack. Even if your organization uses third-party applications, your cyber risks aren’t fully transferred, and it’s time to address your protective safeguards. Know that in the event of a breach, your company will suffer lost time, damaged reputation, and could even face lawsuits from stakeholders for mismanagement of personal information.
We often get questions surrounding the risk of using third-party platforms as nonprofits often outsource operations such as bookkeeping, IT consultants, payroll services, or donor and volunteer management platforms. Unfortunately, these outsourced services pose many risks as third-party vendors often don’t exercise adequate data security protection leaving the nonprofit’s data at risk. Consequently, when hiring third-party vendors for projects, make sure that you are fully versed with the firm’s security protocols and plans in case of a breach.
Employee training is a considerable concern for nonprofits as they are your first line of defense against hackers. Therefore, we will provide comprehensive employee training to address common pitfalls such as phishing attempts, overused passwords, improper storing of information, and the use of employee cellphones. In addition, we will create a cyber policy handbook to stay vigilant as regular maintenance can go a long way towards reducing data security risks.
Now that we’ve taken care of the housekeeping items let’s briefly discuss cyber liability insurance. Even with every I-dotted and T-crossed, hackers can still gain access to your network; that’s where an insurance policy would provide protection. Insurance policies are available to cover financial and reputation losses following a breach.
According to the Nonprofit Risk Management Center, there are three keys steps in purchasing cyber-liability insurance: (1) Understand how a breach of privacy could affect your nonprofit; (2) Work with a knowledgeable insurance agent or broker who not only understands how different cyber liability policies differ in their coverage but also understands your nonprofit’s operations and activities well enough that s/he can break down your nonprofit’s exposures with you; and (3) as with all insurance, take a hard look at the cost of the annual premium.
Yes, the idea of someone hacking your nonprofit’s website or data storage is frightening, but in today’s world, such incidents have become commonplace. Failing to assess and address cybersecurity risks is like failing to get your oil changed.
Every state has data breach notification laws in place, so be sure you monitor changing regulations regarding cyber trends and nonprofits.
SOGO Insurance will help you stay current on changing cyber laws and trends while providing a cyber insurance policy that protects your organization from security nightmares, legal fees, and reputation loss. So give me a call for your complimentary risk assessment today and determine the following steps to protect your organization.