The effects of a data breach can be disastrous for any company, but especially for a nonprofit organization, not only because of the harm to the affected individuals, including those served by the organization, but also because of the crippling effect it could have on the day-to-day operations of an organization with limited resources. A security incident can also damage the organization’s reputation and ability to raise funds. Mitigating a data breach – which could include hiring network forensics investigators, retaining legal counsel, and sending breach notification letters to every person whose data may have been compromised – can get expensive quickly. Moreover, an organization’s own unintentional release of sensitive information could have consequences as serious as a security breach caused by a scammer.
Nonprofit organizations often collect personal information from a variety of sources such as donors, employees, volunteers, and the people who benefit from their services. This information is diverse and might include credit card and personal contact information of donors, financial and health information about the people served by the organization, and payroll and other employment information of its employees. The information collected and retained by nonprofit organizations is exactly the type of data cyber criminals pursue. Yet, often due to the nonprofit model, limited resources that could be used to proactively address cybersecurity threats may be allocated elsewhere. Even if resources are dedicated to cybersecurity, cyber criminals may perceive nonprofits as “soft targets.”